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Abstract 

Courcelle's Theorem states that every problem definable in Monadic Second- 
Order logic can be solved in linear time on structures of bounded treewidth, 
for example, by constructing a tree automaton that recognizes or rejects a tree 
decomposition of the structure. Existing, optimized software like the MONA 
tool can be used to build the corresponding tree automata, which for bounded 
treewidth are of constant size. Unfortunately, the constants involved can become 
extremely large - every quantifier alternation requires a power set construction 
for the automaton. Here, the required space can become a problem in practical 
applications. 

In this paper, we present a novel, direct approach based on model checking 
games, which avoids the expensive power set construction. Experiments with 
an implementation are promising, and we can solve problems on graphs where 
the automata-theoretic approach fails in practice. 



Courcelle's celebrated theorem essentially states that every problem defin- 
able in Monadic Second-Order logic (MSO) can be solved in linear time on 
graphs of bounded treewidth [lj]. However, the multiplicative constants in the 
running time, which depend on the treewidth and the MSO-formula, can be 
extremely large 0]. 

Theorem 1 (0,0]). Let V be an MSO problem and w be a positive integer. 
There is an algorithm A and a function f : N x N — > N such that for every graph 
Q = (V, E) of order n := \V\ and treewidth at most w, A solves V on input Q 
in time /(||y||, w) ■ n, where tp is the MSO formula defining V and \\(p\\ is its 
length. Furthermore, unless P = NP, the function f cannot be upper bounded 
by an iterated exponential of bounded height in terms of ip and w. 

This result has been generalized by Arnborg, Lagergren, and Seese to Ex- 
tended MSO and by Courcelle and Mosbah to Monadic Second-Order evalu- 
ations using semiring homomorphisms [J]. In both cases, an MSO-formula with 
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free set variables is used to describe a property, and satisfying assignments to 
these set variables are evaluated in an appropriate way. 

Courcelle's Theorem is usually proved as follows: In time only dependent 
on if and the treewidth w, a tree automaton A is constructed that accepts a tree 
decomposition of width w if and only if the corresponding graph satisfies the 
formula. This construction can either be done explicitly, by actually construct- 
ing the tree automaton (see, e.g., (SIS El HIS SHU)) or implicitly via auxiliary 
formulas obtained by applying the Feferman-Vaught Theorem extended to 
MSO QUI (see, e.g., 0, iQ El, E3). 

In a practical setting, the biggest strength of Courcelle's Theorem is at the 
same time its largest weakness: MSO logic has extremely large expressive power, 
and very short formulas can be used to encode NP-hard problems. This is used 
in Q to prove non-elementary worst-case lower bounds for the multiplicative 
constants in the linear running time. Even worse, these lower bounds already 
hold for the class of trees, i.e., graphs of treewidth one. 

On the other hand, these are worst-case lower bounds for very special classes 
of formulas and trees, and thus there is a good chance that in practice problems 



can be solved much faster. In fact, existing software like the MONA tool |16lll7| 
for Weak Second-Order logic on two successors (WS2S) is surprisingly successful 
even though it is subject to the same theoretical lower bounds. 

The automata-theoretic approach is therefore a promising starting point for 
practical applications of Courcelle's Theorem, particularly since advanced and 
optimized tools like MONA can be used as a black box for the majority of the 
work, and techniques like minimizing tree automata are very well understood. 

There are, however, some cases where the automata-theoretic approach is 
infeasible in practice, i.e., when the automata (or set of auxiliary formulas) are 
too large to be practically computable. This can even happen when the final 
minimal automata are small, but intermediate automata cannot be constructed 
in reasonable time and space (note that each quantifier alternation requires an 
automaton power set construction). 

In his thesis [lH , Soguet has studied the sizes of tree automata corresponding 
to various problems for small clique- width [l9j] The automata were generated 
using MONA, and in many cases, the corresponding automata were surpris- 
ingly small, thanks to the well-understood minimization of tree automata. On 
the other hand, even for graphs of clique-width three, MONA was unable to 
construct the corresponding tree automata for the classical 3-Colorability 
problem. Even worse, the same happened for simple problems such as deciding 
whether the graph is connected or if its maximum degree is two. 

These negative results are somewhat unsatisfying because the respective 
algorithm already fails in the first phase, when the automaton is constructed. 



1 Both, treewidth and clique- width, can be defined in terms of graph grammars (hyperedge 
replacement grammars for treewidth, and vertex replacement grammars for clique-width; see 
e.g. a recent survey [2(1). and in both cases, tree automata can be used to recognize parse 
trees of graphs. 
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The first phase, however, only depends on the treewidth (or clique- width in 
above cases) and the formula (i.e., the problem), but is independent of the 
actual input graph. On the other hand, when running the tree automaton on 
most graphs arising from practical problems, only few states are actually visited 



Recently, there have been a few approaches to this problem, see, e.g., [211122 



[23j,|24|. For example, the approach of [23j,|24j avoids an explicit construction of 
the tree automaton. Instead, the state-transition function is computed on-the- 
fly. Experiments indicate practical feasibility. Courcelle |25| introduces special 
tree-width, where the corresponding automata are easier to construct. 

In this paper, we present a novel, game-theoretic approach, where the input 
structure is taken into account from the beginning via model checking games 
(cf., [26|, [27], HH). Therefore, only the amount of information is stored that is 
needed by the algorithm to solve the problem on this explicit input, and, in some 
sense, transitions between nodes of the tree decompositions are as well computed 
on-the-fly. We particularly avoid the expensive power set construction. 

We hope that the approach can be used in those cases, where the automata 
are too large to be constructed in practice, but the input graphs itself are simple 
enough. In fact, first experiments are promising. Using the generic approach, 
we can, for example, solve the 3-Colorability problem on grids of size 6 x 33 
(treewidth 6) in about 21 seconds and with 8 MB memory usage on standard 
PC hardware, and the Minimum Vertex Cover problem on the same graph in 
less than a second and only 1 MB of memory usage. We note that the automata 



construction using MONA in [18| already failed for 2 x n grids (clique- width 3). 



Related Work 

We briefly survey other approaches to Courcelle's Theorem. We already men- 
tioned that, given the MSO formula ip, one can construct a finite-state bottom- 
up tree automaton that accepts a tree decomposition of the input graph G if and 
only if G \= ip. This is sometimes called the automata theoretic approach. A 
direct construction of the tree automata is described in, e.g., [§] or [l(J Chapter 
6]. In [29|,[il a Myhill-Nerode type argument is used to show that the treewidth 
parse tree operators admit a right congruence with finitely many congruence 
classes. The method of test sets can then be used to construct the tree automa- 
ton. One can also use a reduction to the classical model checking problem for 
MSO on labeled trees 0, 0, HI ■ It is well-known 3(3, 3l| that this problem can 



be solved by constructing suitable finite-state tree automata. This approach is 
favorable if one likes to use existing software such as the MONA tool [16[ • 
A model theoretic approach is based on variants of the Feferman-Vaught 



Theorem jll|: If a graph G can be decomposed into components G\ and Gi, 
then from the input formula ip one can construct a suitable reduction sequence 
consisting of Boolean combinations {and, or, not) of finitely many formulas 



that hold in G x and G 2 if and only if <p holds in G (cf., 0, O, Q [T(J ) • One 
can therefore use dynamic programming on the tree decomposition to compute 
the q-theory of G, i.e., set of formulas of quantifier rank at most q that hold 
in G (cf., 0, [H, E3])- Similarly, one can also inductively compute the set of 
satisfying assignments to the input formula Q. 
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We are not aware of any implementations of Courcelle's Theorem based 
on the Feferman-Vaught approach. The construction of all possible reduction 
sequences for MSO formulas "obviously is not practical" [lj, Section 1.6]. The 
algorithms presented in fl3l . [l4| are therefore infeasible in practice. However, 
from [U we get that computing the particular reduction sequence for the input 
formula ip suffices. Some lower bounds are known for the necessary conversions 
into disjunctions [32| . but it would still be interesting to see how this approach 
behaves in practice. 

A few authors studied practical aspects of the automata theoretic approach. 
It is mentioned in Q that a My hill-Nero de based program has been imple- 
mented as part of an M.Sc. thesis, which unfortunately does not seem to be 
publicly available. The MONA tool [16] is a well-known and optimized imple- 
mentation for the tree automata construction. The space required to construct 
the automata with MONA still turns out to cause severe problems in practical 
applications H, 22|. One idea [HI Chapter 6] is to use precomputed automata 
for commonly used predicates such as Conn(X) expressing that the set X is 

connected. Note however that the Conn(X) automaton requires 2 2 ° ( ' states 
for graphs of clique- width k |1CX Chapter 6]. An automatic translation into 
Monadic Datalog is proposed in [22| . Some experiments indeed suggest feasibil- 
ity in practice; their prototype implementation was, however, obtained by man- 
ual construction and not by an automatic transformation from the underlying 
MSO formula. In 0, [2H the power set construction is avoided by considering 
existential formulas only. The automata thus remain non-deterministic, but of 
course standard methods to simulate runs of the automata apply. Since the 
state transition function is given only implicitly, the automaton is essentially 
computed on-the-fly while recognizing a clique-decomposition. Experiments 
have been conducted on graphs of comparably high clique-width and the ap- 
proach is quite promising. In fact, the lack of feasible algorithms to compute 
the necessary clique-width parse trees seems to be the major limitation. To 
ease the specification of such fly-automata, Courcelle 25|, |33( introduces spe- 
cial tree-width. Special tree-width lies between path-width and treewidth, but 
the automata are significantly smaller and easier to construct than those for 
treewidth. 

In this article, we present a new approach that neither uses automata the- 
oretic methods nor uses a Feferman-Vaught style splitting theorem. Instead, 
we essentially evaluate the input formula on the graph using a simple recursive 
model checking algorithm. In what follows, we shall outline this approach. 



Overview 

Our starting point is the model checking game for MSO (Definition [3]), a 
pebble game between two players called the verifier and the falsifier also known 
as the Hintikka game [26| . The verifier tries to prove that the formula holds on 
the input structure, while the falsifier tries to prove the opposite. In the game, 
the verifier moves on existential formulas (V, 3), while the falsifier moves on 
universal formulas (A, V). 
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This game can in a natural way be identified with a simple algorithm that 
evaluates the formula on the input structure in a recursive manner. If, for 
example, the formula is 3Rtp(R) for a set variable R, the algorithm checks 
whether tp(U) holds for all sets U. In this sense, the computation tree of this 
simple algorithm can be interpreted as the unfolding (cf., 34]) of the model 
checking game. On a structure with n elements, this straight-forward recursive 
model-checking algorithm takes time 0((2 n + n) q ) for a formula of quantifier 
rank q. By dynamic programming on the tree decomposition, we can improve 
this to time linear in n on structures of bounded treewidth. 

This works as follows: We traverse the tree decomposition of the input 
structure stf bottom-up. At each node of the tree decomposition we preliminary 
try to evaluate the formula <p on st using the model checking game on the 
"current" substructure stf' of stf . To this end, we allow "empty" assignments 
x := nil to first order variables x. Such empty assignments correspond to objects 
in sit that are not contained in at 1 and are to be assigned in later steps. Then, 
two things may happen: 

• We can already now determine whether stt \= ip or st \/= ip. 

If, for instance, the formula Scol encodes the 3-Colorability problem 
and even st' is not three-colorable, it locally violates Scol and we can 
derive s/ ^ Scol. 

• We cannot yet determine whether st |= ip or st ^ <p. 

For example, if the formula encodes Dominating Set problem, then 
a vertex v in the "current" bag might be undominated in the current 
subgraph, but we do not know whether in the "future" another vertex 
might dominate v. 

The first case is formalized in Lemma [4] and Lemma [6] In the second case, 
we found a "witness," i.e., a subgame that we were unable to evaluate. We then 
will re- visit those undetermined subgames during the course of the dynamic 
programming until we finally arrive in the root of the tree decomposition, where 
all subgames become determined. 

The next crucial observation is that MSO and FO formulas with bounded 
quantifier rank have limited capabilities to distinguish structures (formally cap- 
tured in the = g -equivalence of structures, cf. |35[). We exploit this fact and 
show that we can delete redundant equivalent subgames (cf., Algorithm [3]) for 
a suitable definition of equivalence (cf., Definition [5]) . We can then show that, 
assuming a fixed formula and bounded treewidth, the number of reduced, non- 
equivalent games is bounded by a constant (LemmaE]), which allows us to obtain 
running times linear in the size of the tree decomposition. 

While this game-theoretic approach is subject to the same non-elementary 
lower bounds as the other approaches, the actual number of ways to play the 
model checking game highly depends on the input graph. For example, if the 
graph does not contain, say, a triangle, then the players will never move to a 
set of nodes that induce a triangle, while a tree automaton must work for all 
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graphs. This observation is reflected in practical experiments, where the actual 
number of entries considered is typically much smaller than the corresponding 
worst-case bound. 

1. Preliminaries 

The power set of a set U is denoted by 3?(U). The disjoint union of two 
sets U\,\]i is denoted by Ux W V%. We assume that trees are rooted and denote 
the root of a tree T by root(T). For every (gN, exp'(-) is a i-times iterated 
exponential, i.e., exp°(x) = x and exp'(x) = 2 oxp ( x \ 

For a set U and object x, we let (x £ U) be defined as 



To avoid cluttered notation, we may, for elements si, . . . , si and t±, . . . , t m , 
abbreviate s :— {sx, ■ ■ ■ , s;}, (s, s') :=sU {s'}, and (s, i) := st := s U i. 

1.1. Structures 

We fix a countably infinite set of symbols. Each symbol 5 has an arity r — 
arity(S) > 0. We distinguish between nullary symbols with arity zero and 
relation symbols that have arity greater than zero. Relation symbols with arity 
one are called unary. For convenience, we shall denote relation symbols by 
capital letters and nullary symbols by lower case letters. 

A vocabulary r is a finite set of symbols. We denote by null(r) the set of 
nullary symbols in r, by rel(r) the set of relation symbols in r, and by unary(r) 
the set of unary relation symbols in r. Let arity(r) = max{ arity(R) \ R £ 
rel(r) } be the maximum arity over all relation symbols in r. If null{r) = 0, we 
call t relational. 

Let r be a vocabulary. A structure srf over t (or r-structurc) is a tuple 
stf = [A, (R^)Rerei(T), (c^)cenuii(T)) ) where A is a finite set called the universe 
of stf ', and (R^ ') R^relM an d (c af ) c g nll ;;(r) are interpretations of the r-symbols 
in srf . Here, R^ C A antv ^ R ' > for each relation symbol R £ reZ(r). For a nullary 
symbol c 6 null{c) we either have c 5 ^ G A and say that c is interpreted in or 
we write = nil and say that c is uninterpreted. The set of nullary symbols 
interpreted in si is denoted by interpreted^^/). If all symbols are interpreted, 
we say the structure is fully interpreted, and partially interpreted otherwise. We 
note that a related concept of partially equipped signatures has been used in, 



The set of all r-structures is denoted by ST7Z(t). We shall always denote 
structures in script letters si ', 33, . . . and in roman letters A, B, . . . their corre- 
sponding universes. If the universe is empty, then we say that the structure is 
empty. Structures over a relational vocabulary r are called relational structures. 

For a structure we denote by vocabulary (&/) the vocabulary of s$ . 
For sets R — {Rx, ■ • ■ , Ri} Q rel{r) and c = {ci,...,c m } C null(r), we let 




e.g., [USEI 



G 



R* := {Bf* \ R E R}, and c rf :={c rf |ce cfl interpreted (si)} be their 
corresponding interpretations. 

Example 1. A graph (V, E) can in a natural way be identified with a structure S? 
over the vocabulary TGraph = ( a dj), where adj represents the binary adjacency 
relation. The universe of & is V, and we interpret adj as adj ^ = E in 5f . 

Let r be a vocabulary and {Ri, . . . , Ri, c\, . . . , c m } be a set of symbols, each 
of which is not contained in r. The vocabulary r' = (r, R\, . . . , Ri, c\, . . . , c m ) is 
called an expansion of r. Similarly if si is a r-structure and si' is a r'-structure 
that agrees with si on r, i.e., R^ — R^ for each R G rel(r) and — for 
each c G null(r), then we call ,sz/' a r'-expansion of si . If ja/ is a r-structure, 
and [/i, . . . ,Ui are relations over A, such that J7j C v 4 a "*y( fl i) ; 1 < i < i, and 
iti, ... , w m G A U {nil}, we write .e/' = (si , Ut, ■ ■ • ,Ui,uj_, . . . , u m ) to indicate 
that si' is a r'-expansion of si, such that Rf — Ui, 1 < i < I, and Cj = uj, 
1 < j < m. 

Let si be a r-structure and a = {oi,...,a m } C A. Then si [a] is the 
substructure of si induced by a, where si[a] has universe a, for each relation 
symbol R G r we have i?- E/ [ a l = i?-^ n a anty ^ R \ and miliary symbols c are 
interpreted as — c^ if c^ G a and become uninterpreted otherwise. 

Two r-structures si and S3 over the same vocabulary r are isomorphic, 
denoted by si = if there is an isomorphism h: A — > S, where /lis a bijection 
between A and i? and 

• c G interpreted (si) if and only if c G interpreted (S3) for all c G null(r), 

• h(c^) = for every miliary symbol c G interpreted^), and 

• for every relation symbol i? G r and oi,...,a p £ i, where p = arity(R), 

(ai,...,ap) eiF* iff OOl ),•■•, M%>)) G 

Definition 1 (Compatibility Union). We call two r-structures and ^ 
compatible, if for all nullary symbols c G interpreted(si\) n interpreted (s/2) we 
have c^ 1 = c^ 2 and the identity x 1— ?> x is an isomorphism between si\\A\ D A 2 ] 
and ,c/ 2 L4i n A 2 ]. 

In this case, we define the union of .e/i and si%, denoted by si\ U sii, as 
the r-structure with universe A :— A\ U A 2 and interpretations R^ u ^ ■= 
R^ 1 U i?^ 2 for every relation symbol R G r. Nullary symbols c G nuU(r) with 
c^ 1 = c 5 * 2 = nil remain uninterpreted in ^ U j2/ 2 ; otherwise c^ iU,e/2 = c * if 
c G interpreted (si) for some i G {1,2}. 

_Z.^. Treewidth and Tree Decompositions 

Tree decompositions and treewidth were introduced by Robertson and Sey- 
mour [3tJ in their works on the Graph Minors Project, cf. [1, H,H1|- 

A tree decomposition of a relational r-structure si is a tuple (T,X), where 
T = (T,F) is a rooted tree and ^ = (Xj)igT is a collection of subsets Xj C A, 
such that 
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for all p-ary relation symbols R E r and all (01, . . . , a p ) E i?'' 3 ', there is an 
i <E T such that {01, . . . , a p } C X,-, and 

for all i,ji,]2 E T, ii i is on the path between j'j and j'2 in 7", then 

Xj 1 n Xj- 2 c Xj. 



The sets Xj are called feags. The width of a tree decomposition is the size of 
its largest bag minus one, and the treewidth of a structure srf is the minimum 
width of all tree decompositions of srf . 

Without loss of generality, we assume that each tree decomposition we con- 
sider is nice. Nice tree decompositions are directed, where each edge in F has 
a direction away from the root, and have the following properties: Each node 
i E T has at most two children. For leafs i E T, we have Xi = 0. If i has exactly 
one child j, then there is a E A such that either Xi = Xj U {a} or Xi = Xj \ {a}. 
In the former case, we say i is an introduce node, in the latter case we call i 
a forget node of the tree decomposition. Finally, if a node i has two children 
ji and j2, then we require Xi = Xj 1 — Xj 2 and call such nodes join nodes. 
If i j is a directed path in T pointing away from the root, we say j 

appears below i in T. 

With every node i E T of a (nice) tree decomposition of a r-structure we 
associate a substructure ^ defined as follows: Let A; C ^4 be the set of objects 
in Xi or in bags Xj for nodes j below i in the tree decomposition. Then we let 
s$i := g/{Ai] be the substructure of &/ induced by A t . 

Computing the treewidth of a graph is NP-complete [3{|. However, the al- 
gorithms in this paper rely on a given tree decomposition of the input structure. 
For graphs G, there is a fixed-parameter tractable algorithm [40L [6| with a run- 
ning time of 2°( tw ( G ^ \G\, whose dependence on the treewidth might become 
a problem in practical applications. In a practical setting, heuristics seem to 



work well and often nearly optimal tree decompositions can be computed 41] ■ 
Using Gaifman graphs, one can also compute tree decompositions of arbitrary 
structures, cf., [8j, Section 11.3]. In the following, we therefore just assume a tree 
decomposition is given as part of the input. For more information on treewidth, 



we refer the reader to surveys such as [42], |4 



1.3. MSO Logic 

MSO logic over a vocabulary t, denoted by MSO(r), is simultaneously de- 
fined over all vocabularies r by induction. Firstly, for every p-ary relation 
symbol R E r and any miliary symbols ci,...,c p E t, MSO(t) contains the 
atomic formula R(ci, . . . , c p ). If R is unary, we may abbreviate R{c) as c E R. 
Secondly: 

• If (p, ij} are in MSO(r), then -up, ip V tp, and ip A ip are in MSO(r), 

• If <p E MSO(r U {c}) for some nullary symbol c, then both, Vctp and 3ctp 
are in MSO(r). This is called first order or object quantification. 
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• If p G MSO(r U {R}) for a unary relation symbol R, then both, MRp and 
3Rp are in MSO(r). The corresponding case is called second order or set 
quantification. 

Note that we do not distinguish between "basic" symbols (contained in a 
certain "base" vocabulary such as TQraph), and symbols that are used as variables 
subject to quantification. Let r be a vocabulary and tp G MSO(r) be a formula. 
Let t' C t be the smallest vocabulary with tp G MSO(r'). Then we call the 
symbols in unary(r') U tiuII(t') the free symbols of ip. Let \\ip\\ be the size of a 
suitable encoding of <p. 

If p> G {^cif),^Rip,tpxAtp2} for some c, R, ip, ip\, and ip2, we call p universal. 
Similarly, we call p existential if ip G {3c0, BRip, ipi V ip2}- 

If y does not contain set quantifiers, then we say p is first order and con- 
tained in FO(t). Note that in particular all atomic formulas of MSO(t) are first 
order. The quantifier rank qr(p) of a formula p G MSO(r) denotes the max- 
imum number of nested quantifiers in p, counting both first order and second 
order quantifiers, and is defined by induction over the structure of p as 

• qr(p) = if p> is an atomic formula, 

• qr(p) = qr(^p), 

• qr(p) = m&x{qr(ipi), qr(ip 2 )} if p G {ipi A ip2, ipi V ^2}, and 

• qr(p) — qr(ip) + 1 if tp G {VRip, 3Rip, Vcip, 3cip}. 

Without loss of generality, we assume throughout the paper that every for- 
mula is in negation normal form, i.e., the negation symbol -1 only occurs in front 
of atomic formulas. This can be achieved by a simple rewriting of the formula. 

For a fully interpreted r-structure &/ and a formula p G MSO(t), we write 
s>4 1= tp if and only if tp holds in si or is true in srf in the classical sense, 



cf. [4J, |35|. We shall do not specify this further, since we will switch to a 
game-theoretic characterization in the remainder of this paper, cf., Section [5J 

In Q, Extended MSO was introduced. Here, an MSO-formula over a re- 
lational vocabulary is given together with an evaluation or optimization goal 
over the unary relation symbols (set variables) . This principle was furthermore 
generalized to semiring homomorphisms in 4s] , where satisfying interpretations 
of the free relation symbols are to be translated into an appropriate semiring. 

In this paper, we shall consider MSO-definable linear optimization problems, 
also called LinMSO-definable optimization problems. It is not hard to see that 
the methods in this paper extend to other classes of MSO-definable problems, 
such as counting and enumeration problems. See, e.g., [lol Chapter 6] for an 
overview of MSO-definable problems and their algorithmic applications. 

Definition 2 (LinMSO-definable Optimization Problem). Let r be a relational 
vocabulary, R — {Ri, . . . ,Ri} C r be a set of unary relation symbols, <p G 
MSO(t), and t' = r \ R. Let a%, . . . , a; G Z and min := 00. 



9 



Then we call the problem of, given a r'-structure s$ ', computing 




^ a k \U k \ 



Ui C A, 1 < i < I, and (jif,Ui,...,Ui)\=ip 



a LinMSO- definable optimization problem. 
Example 2. Consider the following formulas: 

vc(R) = VxVy(-^adj(x, y) V x G RV y G R) G MSO(T Graph U {R}) 
ds{R) = Vx{x e R V 3y(y G R A adj(x, y))) G MSO{T Graph U {i?}) 

5co/ = 3R 1 3R 2 3R 3 (\/x(\/{x G A /\(->a; G i?, V -.jc G flj^A 

VxVyf^adjixty) v/\(^efi t V^e i?,)) J G M50(r Graj , h ) 



i=l 



Then, given a t Graph- structure & , 

min{ |C| | CC AA(9,C) \= vc}, 
min{ |D| | D C A A D) |= ds }, and 
min{ | ^ |= .JcoZ } 

encode the well known graph problems Minimum Vertex Cover, Minimum 
Dominating Set, and 3-Colorability, respectively. 

2. Model Checking Games 



The semantics of MSO in the classical sense (cf. [4J,[35|]) can be characterized 



using a two pla yer p ebble game, called the Hintikka game or model checking 



game, cf. [26|, [27|, [28 1 . 



A pebble game Q — (P, M, Pq,P\,pq) between two players, say Player and 
Player 1, consists of a finite set P of positions, two disjoint sets Pq,Pi C P 
assigning positions to the two players, an initial position po G P, and an acyclic 
binary relation M C P x P, which specifies the valid moves in the game. We 
only allow moves from positions assigned to one of the two players, i.e., we 
require p G Po U Pi f° r all (p,p') G M. On the other hand, we do allow that 
positions without outgoing moves are assigned to players. Let \Q\ :— \P\ be the 
size of Q. 

For p G P, we let nextg(p) = {p' G P \ (p,p') G M } be the set of positions 
reachable from p via a move in M. For any position p G nextg(po) we let 
subgameg(p) = (P, M, Pq, Pi,p) be a subgame of tj, which is issued from the 
new initial position p. The set of all subgames of Q is denoted by subgames(Q). 
If Q is clear from the context, we usually omit the subscript and write next(p) 
and subgame(jp). 
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A play of Q is a maximal sequence (po, . . . ,pi) of positions po, . . . ,pi-\ £ 
Po U Pi , such that between any subsequent positions pi and there is a valid 
move, i.e., (pi,Pi+i) £ M for < i < i— 1. Such a play is said to have I rounds 
and to end in position p;. 

The rules of the game are that in the ith round of the play, where 1 < i < 
J — 1, the player assigned to position p t has to place a valid move, i.e., has to 
choose the next position Pi+i £ next(pi). If no such position Pi+\ exists, or 
the position pi is not assigned to either of the players, the play ends. If the 
play ends in a position p\ with pi € Pi, where i £ {0, 1}, then the other player, 
Player (1 — i), wins the play. If, however, the play ends in a position pi with 
Pi Pq U Pi , then there is a draw and none of the players wins the play. The 
goal of game is to force the other player into a position where they cannot move. 

We say that a player has a winning strategy on Q, if and only if they can 
win every play of the game irrespective of the choices of the other player. For 
instance, Player has a winning strategy on Q if and only if either 

• po £ Po and there is a move (po,Pi) £ M such that Player has a winning 
strategy on subgameg(p\); or 

• po £ Pi and Player has a winning strategy on subgameg {jp\ ) for all moves 
(po,Pi) £ M. Note that this includes the case that Player 1 cannot move 
at all. 

A game Q is said to be determined or well-founded if either one of the players 
has a winning strategy on Q , otherwise Q is undetermined. 

We fix two special games _L and T on which the first player and the second 
player, respectively, have winning strategies. One can efficiently test whether 



one of the player has a winning strategy on a game Q, cf., 27ll28|. Algorithm [T] 
determines whether one of the players has a winning strategy on a game Q and 
returns either _L or T if this is the case. If none of the players has a winning 
strategy, the algorithm returns a corresponding "proof" , a list of all the plays 
of Q that ended with a draw. 

In the case of the model checking game, we call the two players the falsifier 
and the verifier. The verifier wants to prove that a formula is true on a structure 
(or, the structure satisfies the formula) , while the falsifier tries to show that it is 
false (or, the structure does not satisfy the formula). The reader may therefore 
call T "true" and 1 "false" . 

Definition 3 (Model Checking Game). The (classical) model checking game 
M.C(st ',ip) = (P,M,Po,P\,po) over a fully interpreted r-structure s/ and a 
formula Lp £ MSO(r) is defined by induction over the structure of tp as follows. 
Let po = (£?[(f^], if), where c = null{r). If <f is an atomic or negated formula, 
then MC{srf,ip) = ({po}, 0, Po, Pi,Po), where 



Po £ Po if and only if 

-<p = P(ci, ...,c p ) and (cf , ...,cf)eR 



'v 

i> = -P(ci, ...,c p ) and (cf , ...,<) i R** 



or 
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Algorithm 1 Evaluating a game. 



Algorithm eval(Q) 

Input: A game Q = (P, M, P ,P U p ). 
if £ G {T, _L} then return Q 

Let P' = {p }, M' = 0, P(J = P n {p }, and P[ = P x n {p }- 
for p' G next(p ) do 

Let (P",M',P,5',P 1 ",p^) = eval(subgame Q {p')). 

Update P' := P' U P" and P^ := P^ U P^', P{ := P{ U Pf. 

Update M' := M' U M" U {(p ,p ')} ■ 
Let Q' — (P',M',Pq,P{,po) and compute subgames(Q'). 
if po € Pq then 

if subgames(G') = {T} or subgames{Q') = then return T 

if _L G subgames(G') then return _L 
if Po e then 

if subgames(G') = {±} or subgames(Q') = then return _L 

if T G subgames(G') then return T 
return Q' 



• po G Pi if and only if 

- ^ = P(ci,...,c p ) and (cf,...,cf) £ R* , or 

- V = -P(ci,...,c p ) and (cf ,...,cf ) G P^. 

If ip £ {VPi/>, 3Rip} for some relation symbol P, let s/jj = (si ', U) for 
U C Abe the (r, P)-expansion of si with P^ = U, and let JWC(^t/,^) = 
(Pu, My, Po,c/, Pi,u,Pu) be the corresponding model checking game over si\j 
and V- Then MC(si,ip) = (P, M, P , P\,po), where 

. P = {po}UU C /ca^ i 

• M = \Juca( m u U {(po,Pt/)}), 

• Po = PoUlJt/cA ^0,(7, where Pg = {po} iff ip — VRip and Pq = otherwise, 

• Pi = Pi'UUc/ca p i,*7> where P{ = {pi} iff tp = 3Rip and P[ = otherwise. 

If ip G {Vc^, 3c?/;} for some miliary symbol c, let s/ a = (si, a) be the (r, c)- 
expansion of si with c^" = aei, and let A4C(sf a , ip) = (P a ,M a , Po, a , Pi, a, Pa) 
be the corresponding model checking game over s/ a and ip. Then A4C(s/, p) = 
(P,M,P ,Pi,p ), where 

• M = \J aeA (M a U{(p ,Pa)}), 

• Po = Pq U UaGA -fo.a, where Pq = {po} iS (p = Map and Pq = otherwise, 

• Pi = P[ U [j aeA Pi, a , where P{ = {pi} iff y> = 3ap and P( = otherwise. 
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If <p e {ipi A ^ 2 ,ipi V tp 2 }, let MC(si,tp) = (P^M^Pa^Px^Pj,) be 
the model checking game over si and ip € {ipx, V^}- Then MC(si, ip) — 
{P,M,P ,Px,p ), where 

• p = Wu^w^ 

• M = U^ 6Wl ,^ } (M^U{(po,j^)}), 



p o = Po u U^ 6 {Vi.t/'2} P °'V" where P o = {Po} iff V = V"i A ip2 and P^ 
otherwise, 



• Pi = P{ U U^eWx*} P ^v>' where P i = 0>i} iff ^ = ^1 V ^2 and P{ = 
otherwise. 

Note that the falsifier is the universal player and moves on universal formu- 
las, while the verifier is the existential player and moves on existential formulas. 
Furthermore, if the structure si is empty, then, by definition, si \= Vc-0 and 
si y= 3cip for all ip. In the model checking game, this corresponds to the case 
that there are no moves from the current position. Consequently, the play ends 
and the player assigned to this position looses. On non-empty structures, each 
play ends in an atomic or negated atomic formula. The goal of the verifier is to 
make the play end in a position (si',tfj) with si' |= ip, and conversely the goal 
of the falsifier is to force the play into an ending position (si' , tp) with si' ^= ip. 
It is well-known that the classical model checking game is well-founded [2(| and 
that the verifier has a winning strategy on AiC(si, tp) if and only if si |= tp, see, 



e.g., [221 



2.1. An Extension of the Classical Model Checking Game 

We shall now consider an extension of the model checking game that has the 
following two central properties: 

• It is defined for partially interpreted structures; and 

• it is "well-defined" under taking the union of structures in the sense that 
if one of the players has a winning strategy on the game on si and tp, then 
the same player has a winning strategy in the game on si U 33 and ip for 
all structures 38 compatible with si. 

Before we give the formal definition of the new game, let us briefly mention 
why we require these properties: Recall that we want to use the model checking 
game M.C(si, p) to decide algorithmically whether a r-structure si holds on a 
formula p G MSO(t). If ip contains set quantifiers, then there is a number of 
positions in M.C(si, tp) that grows exponentially with the size of A. In order 
to avoid exponential running time on structures of bounded treewidth, a tree 
decomposition (7~, X) of si, where T — (T,F), is traversed bottom- up by a 
dynamic programming algorithm. At a node i G T, we only consider the sub- 
structure sii of si. Let si' be some expansion of si. Then si[Ai] is in general 
not fully interpreted, which explains the first requirement. 
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For the second requirement, note that for each ieT there is a r-structure 3& \, 
such that srf can be written as srf = ^ U 3§i. The structure £$i is sometimes 
called the "future" of ^ in the literature. Therefore, if one of the players has 
a winning strategy in the game on ^ and p, we require that the same player 
has a winning strategy on srf = s^i U 3§i and p. 

In order to make the inductive construction work, we additionally need to 
distinguish the nodes in the "current" bag Xi of the tree decomposition. The 
game therefore additionally depends on a given set X = Xi C A. 

Definition 4 (Extended Model Checking Game). The extended model checking 
game £MC(&/,X,p) = (P, M, P , P\,Po) over a r-structure srf ', a set X C A, 
and a formula p e MSO(r) is defined by induction over the structure of ip as 
follows. Let po — (g/[X U c^],X,p), where c = null(r). If p is an atomic or 
negated formula, then £M.C{s^ , p) = ({po}, 0, -Po, Pi,Po), where 

• po € -Po if and only if either 

,c p } C interpreted (g/), and 
,c p } C interpreted (&/), and 

• po € -Pi if and only if either 

— p = R(ci, . . . , c p ), such that {ci,...,c p } C interpreted^), and 
«,...,<) gfl", or 

— <^ = -ii?(ci, . . . , Cp), such that {ci,...,c p } C interpreted^), and 
[cf ,.. .,<£)€ R". 

If </? G {VRip, 3Rip} for some relation symbol P, or </? e {i/>i /\ip 2 ,ipi v V^}, 
then £A4C(.f2/, X, y>) is defined analogously to AiC(&/ , p). 

If p G {Vct/>, 3ct/>} for some miliary symbol c, let .etf u = (g/ , u) be the 
(r, c)-expansion of ^/ with c^" = a G iU {nil}, and let £MC(g/ u , X, ip) = 
(P u , M u , Po }M , Pi, u ,Pu) be the corresponding extended model checking game 
over si u and ip. Then £MC(g/, X, p) = (P, M, P ,Pi,p ), where 

• P = {p } U HeAuinil} p u, 

« M = UueAu{nil}( M uU{(po,Pu)}), 

• Po = PqU \J ueAu{nil} Po.u, where P^ = { Po } iff <p = Vcip and P^ = 
otherwise, 

• Pi - P{ U \J ueAu{ail} Pi,u, where P{ = { Pl } iff p = 3crp and P{ = 
otherwise. 

For the games we consider throughout this paper, one can derive from a 
position p S P whether p e P or p e Pi (cf., the definitions of MC and SMC). 



— p ~ R(c\, . . . ,c p ), such that {ci,... 
(cf,...,cf)eP^,or 

— p = -iP(ci, . . . , c p ), such that {ci,... 
(c?,...,c?)$R". 
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Figure 1: Top: simplified schematic of £ A4C(&f, 0, tp) for the structure g4 with universe A = 
{a} and tp = 3Y\/x(x g Y). Bottom: eval(£MC(.rf . 0, ip)). The lower branch witnesses a play 
that ends with a draw. 

To avoid cluttered notation, we shall therefore usually omit the sets Pq and Pi 
from the tuple (P, M, P , Pi,po) and identify games with the triple (P,M,p ). 
Figure [1] shows a simplified schematic of an extended model checking game and 
the result after an application of the evaluation algorithm eval. 

If s/ is a fully interpreted structure, MC(s/, ip) can be embedded into 
£MC(s/, X, ip) such that for each play of MC(sf, ip) there is a correspond- 
ing, equivalent play of £A4C(sf,X,ip). Algorithm [2] effectively computes this 
embedding (Lemma[T|). Furthermore, if £ A4C (s/ , X , tp) is determined, then so 
is MC{s/,(f) (Lemma©. 

Lemma 1. Let si be a fully interpreted r-structure, X C A, and p £ MSO(t). 
Then, using Algorithm^ we have 

MC(sJ,p>) = convert(£MC(s/,X,tp)). 

Proof. The proof is an induction over the structure of (p. For atomic or negated 
atomic formulas, the statement trivially holds by definition of AiC(s/, ip), since 
subgames{£MC(s/,X,p)) = 0. Let Q = £MC(si,X,p) = (P,M,p ). 

Let <p € {VRtp, 3 Rip} or tp £ {tpi Aip2, tpi Vi/^} and tp £ {tpi, tp 2 } and consider 
p = (J$°,X,tp) £ nextg(p ). We have subgameg(p) = £MC(sf' ,X,tp), where 
either s/ 1 = (s/, U) is an (r, i?)-expansion of s/ for some U C i, or si' = sf, 
respectively. Since s/ is fully interpreted, si' is fully interpreted, and we obtain 
MC(si', tp) = convert (£ MC (s/ ' ,X,tp)) by the induction hypothesis. 

If otherwise ip £ {ictp,3ctp}, consider p = (J%?,X,tp) £ nextg(po). By 
definition, subgameg(p) = £M.C(si' , X, tp), where s/' is a (r, c)-expansion of si 
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Algorithm 2 Converting EMC to MC 

Algorithm convert(Q) 

Input: A game Q = (P,M,po). 

if G G {T, _L} then return Q. 

Let po = (Jif, X, ip) and c = null (vocabulary (Jt?)). 

Let pj, = (je[e"],tp), P' = {p' }, and M' = 0. 

for pi = (J^i,X,ip) G next(po) s.t. is fully interpreted do 

Let (P[,M' l ,p' 1 ) = convert(subgameg(pi)). 

Update P' :=P'U P[ and M' := M' U M( U {(Po.Pi)}- 
return (P',M',p' Q ) 



with G A U {nil}. If all constant symbols are interpreted in Jff, then 
^ nil, i.e., is fully interpreted. By the induction hypothesis we get 
MC(£/',ip) = convert(£MC(s/' ,X,ip)). 

Together, the statement follows. □ 

We now prove that if an extended model game is determined, then the 
corresponding player can win the game without using any further "nil-moves" . 
This will be useful in the proof of Lemma [3] 

Lemma 2. Let srf\ and stf<i be t -structures with A\ = Ai and c G null(r), 
such that c^ 1 = nil, R^ 1 = R^ 2 for all R G rel(r) and d^ 1 = d^ 2 for all 
d G null(r) \ {c}. Let p G MSO(t). 

If eval(EMC(M,X,(p)) G {T,_L}, then A\ ^ and 

eval(£MC(j^i,X,tp)) = eval(EMC(^ 2 , X,<p)). 

Before we give the formal proof, consider the following high-level argument: 
Suppose that eval(EMC(s/\ 1 X, ip)) = T. Then there is at least one play of the 
game £MC(j^\,X,ip) that is won by the verifier. Consider an arbitrary play 
(po,...,pi) won by the verifier and let pi = (Jtf?,X,ip). Since pi is assigned 
to the falsifier, all constant symbols occurring in ip are interpreted and hence 
different from c. The verifier can therefore win the game without depending on 
formulas where c occurs. 

Proof. The proof is an induction over the structure of ip. 

Let eval(£MC(s/i,X,p)) G {T,_L}. If tp is an atomic or negated for- 
mula, say (p = R(c\, . . . , c p ), then {ci, . . . , c p } C interpreted (s/i) . Therefore, 
A\ 7^ and for all 1 < i < p, we have c ^ c% and c i 1 = c i 2 , which implies 
eval(£MC(^x,X,ip)) = eval(EMC(j*2,X,<p)). 

If tp G {yRtp, 3Rip} for a relation symbol R, let U C A and ^ be the 
(r, i?)-expansions of srf\ and .e^, respectively, with R"*i = R"t> = JJ. Then 
by the induction hypothesis eval(£MC(s/{, X,ip)) = eval(£MC(^2j X,tp)) if 
eval(£MC(£/{, X, ip)) G {T, _L}. 

Similarly, if tp G {Vdip, 3dip} for a miliary symbol d, let sf[ and ^ be 
(r, (i)-expansions of srf\ and .2/2 , respectively, such that d^ 1 — d^ 2 . Then 
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by the induction hypothesis evd(£MC(s/{, X, ip)) = evd(£MC(si2 , X, ip)), if 
evd(£MC(si[, X, ip)) G {T, _L}. 

Finally, if <p G {ipiAip2,ipiV 1P2}, then from evd(£MC(sii, X,tp)) G {T,_L}, 
where ^ G {V>i, ^2}, we get evd(£MC(s>i{,X,ip)) = evd(£MC(si 2 \ X,ip)). 

Together, the statement of the lemma follows. □ 

We can now prove that if some player has a winning strategy in the ex- 
tended model checking game, then the same player has a winning strategy in 
the classical model checking game. 

Lemma 3. Let si be a fully interpreted t -structure, X C A, and tp G MSO(t). 
If eval(£MC(s/,X,p)) G {T,±}, then 

evd(MC(si,ip)) = evd(£MC(si,X,cp)). 

Proof. The proof is an induction over the structure of ip. 

Suppose evd(£ M.C{si , X, ip)) — T (the case _L is shown analogously). If <p 
is an atomic or negated atomic formula, then the statement clearly holds. If 
ip = ip% A ip2, then for each ip G {ipi, 1P2} we have evd(£ M.C{si, X, ip)) = T. 
This implies evd(MC(si , ip)) = T by the induction hypothesis, and there- 
fore evd(MC(si,(p)) = T. 

Similarly, if ip = VRip for a relation symbol R, then evd(£A4C(si l ', X, ip)) = 
T for each (r, i?)-expansion si' of si, each of which is fully interpreted. We get 
evd(M.C(si' , ip)) = T by the induction hypothesis. Hence, eval{MC(si , ip)) — 
T. 

If ip = \/cip for a miliary symbol c, then evd(£M.C(si' , X, ip)) = T for each 
fully interpreted (r, c)-expansion si' of si '. This implies evd(A4C(s/' ,ip)) = T 
by the induction hypothesis, and therefore evd(MC(s/,ip)) = T. 

If (p = ip\ V ip 2 , then there is ip G {^1,^2} with evd(£MC(si,X,ip)) = 
T. We get evd(MC(s/,tp)) = T by the induction hypothesis, and there- 
fore evd(MC(sf,(p)) = T. 

Similarly, if ip = 3Rip for a relation symbol R, then there is a (t, R)- 
expansion s/' of s/ with evd(£A4C(s/' , X, ip)) = T. Since si is fully in- 
terpreted, s/' is fully interpreted. Using the induction hypothesis, we have 
evd(MC(s/' ,ip)) = T and therefore evd(MC(s/ , ip)) = T. 

Finally, if ip = 3cip for a nullary symbol c, then there is a (t, c)-expansion .e/' 
of s/ with evaZ(£.MC( I 2/ / , X, ?/>)) = T. By Lcmma[2j we can assume ^ nil. 
Then si' is fully interpreted and we get eval(MC(s/' , ip)) = T by the induction 
hypothesis. Therefore evd{M.C{si , <p)) = T. □ 

We can significantly strengthen this statement further: If £A4C(s/, X, ip) is 
determined, then £ AiC(s/ U 3§,X,ip) is also determined for dl 33 compatible 
with si . Note that the union si U 38 arises on join or introduce nodes i of the 
tree decomposition, where X — Xj is the current bag, cf., Figure [2j 

Recall, for instance, the example 3-Colorability from the introduction: 
If a subgraph si' of a graph si is not three-colorable, then clearly si is not 
three-colorable either. The following lemma formalizes this observation. 
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Let us give a brief high-level explanation before we state the lemma and 
give its proof. Roughly speaking, if Q = £MC(srf ', X,<f) is determined, then 
moves to objects b G B \ A in Q 1 = £M.C(si U 3§, X, tp) are either "irrelevant" 
for a player's strategy or already "sufficiently" captured by moves to nil (cf., 
Lemma [2]). If therefore one of the players, say the falsifier, has a winning 
strategy in Q, then in some sense this winning strategy carries over to Q' . In 
the case of 3-Colorability, if is not three-colorable, then the falsifier has a 
winning strategy on £A4C(£f , X, 3col): No matter which three sets the verifier 
chooses, either these sets are not a partition or not independent sets. In either 
case there are witnessing vertices that the falsifier can choose. Thus, no matter 
which subsets the verifier chooses in Q' = £M.C(s^ U £3,X, 3col), the falsifier 
can then choose the same witnessing vertices to win each play of Q' . 

Lemma 4 (Introduce). Let srf and 3§ be compatible t -structures with B = 
A W {b}. Let X C A and <p g MSO(t). Let Q = £MC(sd \X,tp) and Q' = 
£MC(m,Xu{b},ip). 

1. If eval(Q) — T , then eval{Q') = T. 

2. If eval(Q) = _L, then eval(Q') = JL 

Proof. We prove the lemma by induction over the structure of ip. Let c = 
null(r). Let Q = (P,M,p Q ) and Q' = (P',M',p' ) with p Q = (Jf,X,cp) and 
p' = (JT' S X U {6}, tp), where J? = srf\X U &*] and Jf' = ®{X U {b} U <f\ 
Suppose eval(Q) = T (the second case eval(Q) = _L is proven analogously). 

Let f = R(c\, . . . , Cp) or if = ->R(ci, . . . , c p ) for a relation symbol R g t. We 
have eval(Q) — T, and hence, by definition Cj g interpreted^) for all 1 < i < p. 
Here, cf = cf — cf — cf for all 1 < i < p, since stf and SS are compatible, 
and therefore = R*"f\IP>, since H = H'\{b}. Hence, (cf, ...,cf)eR je 
if and only if (cf",. . . , cf) g and thus eval(Q') = T. 

Assume now that ^ = ip\ t\ ip2 or 99 = tp\W ip2- By definition, for each 
V-> g {^l,^} there is a subgame (/^ = £AiC(^,X,ip) G subgames(Q) and a 
subgame ^ = £A4C(^, X U {6}, t/>) g subgames(Q'). By the induction hypoth- 
esis, eval(Q'^) — T if eval(Q^) = T, and hence eval(Q') = T if eval(Q) = T. 

If ip = VRip or ip — 3Rip, then for each U C A there is a subgame Qu = 
£A^C(( 1 a/, J7), X, tp)) G subgames(Q), and for each U' C B there is a subgame 
= 5MC((^, U'),X U {6}, V)) g subgames{g r ). 

If if = VRip, consider an arbitrary U' C B and let U = U' \ {&}. We know, 
by definition of eval(Q), that eval(Qu) = T. Furthermore, (s^,U) and (£3,U r ) 
are compatible, and therefore, by the induction hypothesis, also eval(Q[j,) = T. 
Therefore, eval(Q[j,) = T for all [/' C B, and hence eval(Q') = T. 

If otherwise <y9 = 3i?-0, then there is some [/ C A such that eval(Qu) = 
T. Since (g/,U) and (3$,U) are compatible, eval(Q' v ) — T by the induction 
hypothesis. Therefore, eval(Q') — T. 

If </? = Vct/i, consider an arbitrary (r, c)-expansion of and let srf 1 := 
^[A]. Note that if c*' ^ 6, then c^' = c^' € A, and if c*' = b or c*' = nil, 
then = nil. In either case, srf' and 3$' are compatible. We know, by 
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Figure 2: Introduce (left): If &f and SS are such that b( = SS\A\, then winning strategies 
for £MC(£?, X, tp) carry over to SMC(3S, X U {b},tp). Join/union (right): If at and are 
compatible, then winning strategies for £. A4C(.e/, X, tp) carry over to £AiC(.s/ U Si, X, (f). 

definition of eval(Q), that eval(£A4C(s/',X,rp)) = T. Hence, by the induction 
hypothesis, eval(£MC(M',X U {b},ip)) = T. All in all, eval(g') = T. 

Assume now that tp — 3cip. Since eval(Q) — T, we know that there is a 
(r, c)-expansion s/' of s/, such that eval(£ MC(s/', X, tp)) = T. Let 38' the 
(r, c)-expansion of 38 with c 39 = d* . Then s/' and 38' are compatible, and 
using the induction hypothesis as above, we obtain eval(Q') = T. □ 

Corollary 1. Let s/ and 38 be compatible r -structures with A C B. Let X C A 
and tp 6 MSO{t). Let Q = £MC(s/,X,tp) and Q' = £MC{38, X U {B \ A),tp). 

1. If eval(G) = T, then eval(Q') = T. 

2. J/ ewaZ(C?) = _L, then eval(Q') = ±. 

Proof. We use Lemma 2] and induction over \B\A\. Let eval(Q) G {T, T}. 

If B \ j4 = and therefore s/ = 38, the statement clearly holds. Otherwise, 
consider be B\A and let s/' = (sf U U {6}]. From eval{Q) G {T, T} we 

get eval(£MC(sf' , X U {o},<^) = evaZ(£) by Lemma H 

We can now use the induction hypothesis on s/' ', ^ and A U {6}, since jz/' 
and ^ a compatible and |U \ A'\ < \B\ A\, and obtain eval(Q') = eval(Q). □ 

The forget operation at a node i of a tree decomposition does not change 
the underlying structure s/i. It is therefore not surprising that any winning 
strategies carry over. 

Lemma 5 (Forget). Let si be a r -structure, X' C A C A and tp G MSO(t). 
Let Q = £MC{sf, X, tp) and G' = £MC(s/, A', tp). 

1. If eval(Q) = T , then eval(Q') = T. 

2. If eval{g) = JL, t/ien eval\g') = JL. 

Proof. Let = (P, M, P , P 1 ,p ) and 0' = (P' , M' , P^, P[,p' ). It is not hard 
to see that 5 and 5' are almost identical, the only difference being slightly dif- 
ferently labeled positions: By definition, p = (Jtf, X, tp) and p' — (Jf r , A', tp), 
where Jtf = s/[X U &*] and Jif" = sf[X' U <?*]. In particular, p G P% if and 
only if p' £ P/, where i £ {1, 2}. By induction over the structure of tp, the claim 
then easily follows. □ 
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Finally we show that the same holds for join nodes of a tree decomposition. 
Note that the corresponding operation on structures is the union. 

Lemma 6 (Join/Union). Letsrf,38 be compatible r-structures, X = Ap\B, and 
<peMSO(T). Letg = £MC{s/,X,ip) and Q' = £MC(stf U 38, X, ip). 

1. If eval(Q) — T, then eval(Q') = T. 

2. If eval{Q) = J_, then eval{Q') = JL. 

Proof. Let eval(£MC{s? ,X,ip)) G {T,_L}. By Corollary ED eval(£MC(sd U 
38,XU(B\A),ip)) = eval(£MC{srf,X,ip)). The claim then immediately follows 
by Lemma [5j □ 



3. Reducing the Size of Games 

In this section we show that for every game Q — (P, M, Pq) = £M.C{s£ , X, <p) 
one can construct a game Q' = (P',M',po) such that eval(Q) — eval(Q') if 
eval(Q) 6 {T, JL}, but P' C P and M' C Af are typically much smaller than 
P and M. This will be crucial for obtaining the desired running times of our 
algorithm. We first define a suitable notion of equivalence between games. 

Definition 5 (Equivalent Games). We say that two positions p\,P2 are equiv- 
alent, denoted by p\ = pi iff 

• pi = (J#i , X, ip) and pi = (J^2 , X, ip) for some formula tp and set X C 

• there is an isomorphism h: Hi — > Hi between M\ and Mi, such that 
h(a) = a for all a £ X. 

We say that two games Qi = (Pi,Mi,pi) and Qi = (Pi, M 2 ,p 2 ) are equiva- 
lent, denoted by Q\ =Qi, if p\ = pi and there is a bijection 7r : subgames(Q\) — > 
subgames(Qi), such that Q' = 7r(^') for all 5' G subgames(Q\). 

We now define a reduce operation that significantly shrinks the size of a 
game Q (see Algorithm [3]) . Firstly, subgames won by the opponent player are 
removed. If, for instance, the formula is universal, then the falsifier can safely 
ignore subgames that evaluate as T, i.e., for which the verifier has a winning 
strategy. For example, it is easy to see that we can remove the two subgames 
T and J_ in Figured] 

Secondly, we only need to keep one representation per equivalence class 
under = for all undetermined games. Here, we use the fact that eval(Gi) — 
eval(Qi) for any Q\, Qi with Q\ = G%- We will not explicitly prove this claim. If, 
however, Q\ = £M.C(s#\,X,ip) and Q 2 = £MC(g/i, X, ip) for some r-structures 
s$\ and J3?2, for X C A\ n Ai and ip G MSO(r), then the bijection it in- 
duced by the definition of = yields a bisimulation between £M.C(s^\, X, ip) and 
£MC(gf 2 ,X,tp). In particular, if both Q\ and Qi are subgames of the same 
game , then it suffices to keep either subgame as "witness" for possible win- 
ning positions for the respective player in the model checking game. Thus, 
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Algorithm 3 Reducing a game. 
Algorithm reduce{Q) 

Input: A game Q = (P, M,p ) with p = (Jff, X, tp). 
if Q E {T, _L} then return Q 

if tp is an atomic or negated atomic formula then return eval(Q) 
Let P' := {p Q } and M' := 0. 
for p E next(po) do 

Let = (P[,M{,p') := reduce(subgame g (p)). 

if <p is universal and 5' = _L then return L 

if </? is existential and Q' = T then return T 

if £' <^ {T, 1} and 0' ^ £" for all Q" E subgames((P' , M',p )) then 
Update P' := P' U P{ and M' := A/' U M( U { (p , ?>')}• 
if P' = {po} then return eval((P', M',p )). 
return (P',M',p ) 



removing equivalent subgames from a game Q can be seen as a variant of taking 
the bisimulation quotient (cf., [iH Chapter 7]) of C?. 
See Figures [3] and S] in Section [6] for two examples. 

Lemma 7. Let g/ be a t -structure, X C A, and <p E MSO(t). Let Q = 
£MC(£/,X,ip). Then 

• eval(Q) — T, i/ and onZy i/ reduce(Q) — T , and 

• eval{Q) = _L ; if and only if reduce(Q) = _L. 

Proof. Let 5 = (P, M, po ) , where po = A', yj) . Without loss of generality, we 
assume that 5 ^ {T, _L}. We only show the first case (T), the second statement 
is proven analogously. The proof is an induction over the structure of ip. If ip 
is an atomic or negated atomic formula or P = {po}, then the statement holds 
by definition of reduce(Q). For the induction step, assume (p is not an atomic 
or negated formula, and next(j>a) ^ 0. 

Let G P = subgameg(p) for all p E next(po) and let eval{Q) = T. If tp 
is existential, then there is p E next(po) with eval(Q p ) = T. By the induction 
hypothesis, reduce(Q p ) — eval{Q p ) = T, and therefore reduce(Q) = T. Similarly, 
if ip is universal, then eval(Q p ) = T for all p E next(po). By the induction 
hypothesis, reduce{Q p ) = T for each p E next(po). Hence, we have P = {po} 
after the for-loop. Since tp is universal, the call to eval((P' , M' ,Po)) returns T 
by definition, and therefore reduce(G) = T. 

Conversely, let reduce(G) = T. If tp is existential, then there must be 
some p E next(po) with reduce(Q p ) = T. Assume for a contradiction that 
reduce(Q p ) = _L for all p E next(p ). Then P' = {po} after the for-loop, which 
implies eval((P', M',po)) = JL, a contradiction. Let therefore p be such a posi- 
tion with reduce(Q p ) — T. Then, by the induction hypothesis, eval(G p ) = T for 
this p, and therefore also eval(Q) = T. If tp is universal, then we know P' = {po} 
after the for-loop, as this is the only possibility how reduce{Q) can return T. 
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Therefore, reduce{Q p ) = T for all p G next(po), and hence eval{Q) — T by the 
induction hypothesis and definition of eval(Q). □ 



Now we prove an upper bound for the size of a reduced game. Since this is 
a general upper bound for arbitrary formulas and structures, we cannot expect 
better bounds than the known lower bounds (unless P = NP) [2]. 

Definition 6 (Equivalent Structures). Let r be a vocabulary and ip g MSO(t). 
Let s^\,s^% be two r-structures and X C A\ n A 2 . 

We call si\ and equivalent with respect to ip and X , denoted by =x,tp 
&f 2 , if reduce(£MC(&fi,X,<p)) = reduce(£MC(£/ 2 ,X,ip)). 

For an arbitrary set X of objects, we let 

STTI(t, X) = { si G STK{t) ICA} 

be the set of all r-structures that contain X, and ST1Z(t, X)/=x,cp the set of 
equivalence classes of STH(t,X) under —x,tp- We let 

Nx, v ■= \STK(t,X)/= x J- 

Lemma 8. Let r be a vocabulary, <p G MSO(t), and X be a set of objects. Then 

N x , v <ex P ^ +1 ((\X\ + l)°^), 

where \\ip\\ is the length of an encoding of ip. 

Proof. Without loss of generality, we assume r is minimal such that ip G MSO(r) 
and therefore \\ip\\ > max{|r|, arity(r)}. We prove the claim by induction over 
the structure of ip. 

If ip is an atomic or negated atomic formula, let c = null(r), and srf G 
STK(t,X). Let = reduce(£MC(£f,X,ip)). Then either G {T,J_}, 
or = (P,M,p ), where p Q = (Jf,X,<p) and J? = $f\X U (f*\. Hence, 
Nx,<p depends on the number of non-isomorphic structures on at most n := 
\X\ + \c si \ < \X\ + \ null{r)\ objects. For a fixed relation symbol R G r, there 
are 2 n "" tyl ' R> ways to choose the interpretation R 3 ^ . The total number of non- 
isomorphic r-structures over at most n objects is therefore bounded by Nx <p < 
exp 9r(v)+i((|x| + l)O(llvll)). 

If <p = ipx A ip2 or ip — -01 V -02, then qr(<p) — max{gr(V>i), qr(ip2)} and 
IIV'ill + IIV^H < IMI- Furthermore, by the induction hypothesis we get Nx,^ < 
expViri+HQXl + 1)°(IW*ID). We conclude that N x v = 0(N X ^ • N x ^ 2 ) < 
exp 9Kv)+i((|x| + 1)°(IMD). 

If ip € {Vc-0, Bop, VRip, 3Rip}, then gr(-0) = qr(ip) - 1, ||0|| < IMI, and, by 
the induction hypothesis, N x ^ = exp« r M +1 ((|X|-K)° (W) ). Since reduce () ig- 
nores equivalent subgames, the total number Nx <p is upper-bounded by 2 Nx ^ < 
exp 9r(v)+i((|x| + l)O(IMD). ' □ 

Lemma 9. Let be a r-structure, X C A and ip G MSO(t). Then 

\reduce{£MC{jz?,X,tp))\ < exp« r ^ +1 ((|X| + 

where \\ip\\ is the length of an encoding of ip. 



22 



Algorithm 4 Combining two games. 
Algorithm combine(Q\,Q 2 ) 

Input: Two games Q l = (Pi, Mi, pi) with p t = (3%, Xi,ip), 
where J$fi and are compatible r-structures, 
Xi C H h and ip e MSO(r). 

Let po := (J% U Jf 2 ,X x U X 2 , ip), P := {p } and M := 0. 
for each (p[,p' 2 ) € next(pi) x next(p 2 ) do 

Let pi = (J^Xi.^i) and p 2 = (J^', X 2 , 2 )- 
if 0i = "02 and J^' and are compatible then 

Let (P 1 , M' ,p' ) — combine(subgameg 1 (p' 1 ), subgameg (j>' 2 )). 
Update P := PUP' and M := M U M' U {(pcbPo)}- 
return reduce ((P, M,p )) 



Proof. We use induction over the structure of ip. If ip is an atomic or negated 
atomic formula, then Q = £M.C(srf, X, ip) contains only a single position and 
reduce(Q) 6 {T, _L, Q}. 

If ip. = A -02 or ^ = 0i V 02, let, for i E {1, 2}, be = £ A4C(,e/, X, 0i). 
By the induction hypothesis, \reduce(g^)\ = exp* r ^) +1 ((|X| + l) (ll^ll)) where 
qr(ipi) < qr(ip) and ||0i|| + ||0 2 || < \\tp\\, and therefore, 

\reduce(Q)\ < 1 + \reduce(Q^ 1 )\ + \reduce(Q^ 2 )\ 

<exp 9r(¥,)+1 ((|A0 + l) o(llvll) ). 

If otherwise ip € {Vc0, 3c0,Vi?0, 3i?0}, then qr(ip) = qr(ip) — 1 and ||0|| < 
|| ip || . Since equivalent subgames are ignored, 

|rerf M ce(g)| < 1 + N x ^ ■ exp qrW+1 ({\X\ + l) ^!!)) 

<exp 9r(v)+1 ((|X| + l) 0(llvll) ). 

□ 

4. Combining and Extending Games 

In this section, we show how model checking games on structures can be 
computed inductively. We will introduce two algorithms: Algorithm |4] will 
be used when structures are combined, i.e., taking the union of two compatible 
structures. This happens at join and introduce nodes of the tree decomposition. 
Algorithm [5] will be used when objects are removed from the set X, which 
happens at forget nodes of the tree decomposition. We first will study the case 
of combining games. The next lemma is required for technical reasons. 

Lemma 10. Let s$\ and stf 2 be compatible r-structures, tp € MSO(t) and let 
Xi C A 1 and X 2 C A 2 with A x n A 2 = X\ D X 2 . Let, for i e {1,2}, Hi = 
reduce(£A4C(£/i, Xi,ip)) ^ {T,_L} and Qi = (Pi,Mi,pi) = IZi, where pi = 
(Ml, Xi, ip). Then M\ and are compatible. 
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Proof. Let c = null(r). Since Gi — ftj, we have, by Definition [SJ M'i = .c^[Xj U 
c^] for an isomorphism hi with /ii(a) = a for all a G Xj. 

By definition, c 4 = { cr* \ c G cfl interpreted(,e/i)}, and therefore c G 
interpreted (s^i) if and only if c £ interpreted (3%) . 

If G i?i H i?2 5 then in particular cH** G Ai n A 2 C X;. Hence, c* 5 = 
hi(tr^) = c^ 1 . Since M and ^ are compatible, c^ 1 = c^ 2 for all c*** G AinA 2 , 
and therefore c^ 1 = e^ 2 for all G J?i D -H2 ■ 

Accordingly, ^ and are compatible. □ 

We now prove that for a structure srf with = srf\ U ,2^2 the reduced model 
checking game reduce(£M.C(s^ ,X,(p)) can, up to equivalence, be computed 
from fti = reduce (£A4C(,sz/i, X, if)) and 72.2 = reduce (£hAC (^2, X, <£>) ). Here, 
combine (TZ\,TZ 2 ) essentially computes the Cartesian product of plays in the 
games over si\ and ^/ 2 , respectively. This is possible because each set U C A can 
be split intoC/nAi and U D A 2 , such that (M, CnAi)u(^, C7nA 2 ) = {st,U). 
Similarly, each interpretation of a miliary symbol is either nil, or contained in 
AiC\A 2l in Ai\A 2 , or in A 2 \Ai (cf., Figured]). These cases can be reconstructed 
from the respective subgames on s/\ and srf 2 . 

Lemma 11. Let s$\ and £$2 be compatible r -structures, if G MSO(t) and let 
Xi C At and X 2 C A 2 w'i/i A x n A 2 = Xi n X 2 . Let, for i G {1,2}, ft 2 = 
reduce(SMC(^i,Xi,(p)) <£ {T,i_} and 0; = ft,. Then 

reduce(£MC(£/i U£/ 2 ,Xi LI X 2 ,ip)) = combine^, </ 2 )< 

Proof. The proof is an induction over the structure of if. Let srf — sd\\Jsd 2 , X — 
XiLlX 2 , andc = null(r). LctK = (P n ,M n ,p n ) = reduce(£MC(^ ,X,ip)) and 
G = (P Q ,M G ,p Q ) = combine^, Q 2 ). Let, for % G {1,2}, ft = (P Qi , M Gi ,pg z ) 
and p Gi = (J%,Xi,ip). 

By Lemma [POl M\ and M2 are compatible. Furthermore, [Xj U ] = Jrffi, 
and thus ,fi/[X U c^] = ^[Xi U c^ 1 ] U ^[Xa U c- 5 * 2 ] U JT 2 . 

If ^ ^ {T, _L}, then p K = (,t/[X U c^], X, p). Therefore, 

p TC = (^[X U 6*], X, (^ U Xx U X 2 , = p s . 

Let (/? be an atomic or negated atomic formula. If ft ^ {T, _L} the lemma 
already holds with above considerations. Therefore consider the case ft G 
{T,_L}, say ft = T. Then eval(£MC(tff, X, <£>)) = ft = T by Lemma [3 
Therefore, ft = T if and only if the verifier wins the play (pa), where po is 
the initial position of £M.C(s/[X U c ],X, (p). The claim then follows, since 
p a = (V [X U c^],X, if) = p g , where in particular ^[lUc rf ] ~ Ji U ^ and 
X = X!UX 2 . 

For the induction step, we distinguish the following cases. 

Case ip = ipi A V>2 or if = i\) 2 . 

Let, for?/) G {?Ai, -02}, ft^ = reduce(£ MC(gf, X, tp)) and, for each i G {1,2}, 
be fti,^ = reduce(£MC(£/i, Xi, ip)). 
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Consider tp 6 {^1,^2} with ^ {T,_L} and suppose there was i € 
{1,2}, say i = 1, with K 1M , £ {T,T}. Let = fMC(4,li,^) and 

= £MC(£?,Xi U A 2 ,t(}). By Lemma evaHUi^,) £ {T,±}, and there- 
fore by Corollary [U eval(U^) £ {T,_L}. Since Xi U X 2 C ^ U i 2 , also 
eval(£/, Xi UX 2 ,-0) £ {T,_L}. This contradicts ^ {T,_L} via Lemma[7l 

Therefore, we have IZi.^j, £ {T, _L} for each i G {1,2}, which implies 7^ ^ 
{T, _L}. Since ft = 7?..; for i £ {1,2}, there is Gi,tp £ subgames(Gi) with Gi,4> = 
TZi^. The algorithm combine (Gi,G2) will eventually call combine(Q \ ,,/,, <?2,i/>) • 
Then, by the induction hypothesis, subgames (combine (Gi, ft)) contains the re- 
quired subgame combine (ft.,/,, ft,?/;) — TZip- 

Conversely, let ip £ {ipi, ^2} and (Gi,tp, ft,i/>) £ subgames(Gi)x subgames(G2) 
such that combine (Gi,G 2) recursively calls combine(Gi.ip,G 2 ,ip)- From ft — TZ% 
we get Gi,ip — Tti,ip- Then combine (ft,,/,, Gi,^) — TZi/i by the induction hypothe- 
sis. 

Together, the statement of the lemma follows. 

Case ip — VR'ip or ip — 3Rip. 

Consider an arbitrary U C A and let 1Z' = reduce (£ A4C , X, ip)), where 
s*' = {sf,U) with = U. For i £ {1,2}, let U t = U n A, and 1Z' t = 

reduce{£MC{sz?l ,X t ,i>)), where = (M,U t ). If W £ {T, _L}, then 7^ ^ 
{T, _L} for each i £ {1,2} by using a combination of Lemma [7] and Corol- 
lary HJ Therefore, 1Z t £ {T, _L}. Since Gi = Hi, there is G[ = (P-,M<,p'A £ 
subgames(Gi) with ft' — TZ\- Let p\ = (JffJ ,Xi,ip). Since s/[ and ^ are com- 
patible and G[ — fi-'i, we by Lemma [TU] have that J£f and are compatible. 
Therefore, the algorithm eventually recursively calls combine(G[,G'2)- By the 
induction hypothesis, combine (G[,G '2) — TV ■ 

Conversely, assume the algorithm recursively calls combine(Q '(,^2), where 
G[ = (P/,M/,pQ e subgames(Gi) for each i g {1,2}. From ft = 1Z % we get 
ft' = reduce(£MC(ji/ i ',Xi,il>)), where j// = (M,C/ 4 ) for some U % C A*. Let 
Pi = (Jf/ ,Xi,tp). Since and J^2 are compatible and A\ PI A2 C Xi C iJ;, 
also ^ and £/ 2 ' are compatible. Therefore, the induction hypothesis implies 
combine(g' 1 ,G' 2 ) - reduce(£MC(srf' ',X,ip)), where ^" = (.e/, E/i U Z7 2 ) with 
= Ui U f7 2 - 

Together, the statement of the lemma follows. 

Case ip = Wcip or ip = 3ci/>. 

Consider a (r, c)-expansion srf' of srf and let TV = reduce (£ A4C , X, ip)). 
Let, for i £ {1,2}, jrf! = srf'[Ai] be the (r, c)-expansion of with c< = c a ' 
if d*' £ Ai, and <r< = nil otherwise. Let K' z = reduce(£MC(srf( ,Xi,iji)). If 
1Z' £ {T, _L}, then TZ\ £ {T, _L} by a combination of Lemma [7] and Corol- 
lary ID Therefore, TZ t £ {T,_L}. Since ft S there is ft' = (P^M'^p'A £ 
subgames(Gi) with ft' = 7?.-. Let p- = (Jf^ ,Xi,ip). Since ^ and ^ are com- 
patible and ft' = TZ'i, Lemma [TOl implies that and J^' are compatible. The 
algorithm therefore eventually calls combine(G[, G^)- By the induction hypoth- 
esis, combine (G[,G2) — 7Z' ■ 
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Algorithm 5 Forgetting an object. 
Algorithm forget{Q , x) 

Input: A game Q = (P, M,po) with p = (■^*, X, <p) and i£l 

if there is c G interpreted (Jif) with = a; then 

let p' = (J4?,X\{x},<p) 
else let p(, = (Jt[H \{x}],X \ {x),<p). 
Let P' = {p' } and M' = 0. 
for each Q' G subgames{Q) do 

Let {P",M"^)=forget(g'). 

Set P' := P' U P" and M' := M' U M". 
return reduce((P' , M' ,p' )) 



Conversely, assume the algorithm recursively calls combine(Q' 1 ,Q' 2 ), where 
Q{ = (P-,M-,Pt) G subgames(Qi) for each j G {1,2}. From ^ = TZ t we get 
5,' — reduce {srf! , Xi,ip) for some (r, c) -expansion s#l of Since ^ and 
are compatible and A\C\ A 2 C A,; C Pj, also ^ and .e^' are compatible. By 
the induction hypothesis, combine(Q' 1 , Q' 2 ) = reduce(£MC(s/' , X,ip)), where 

^" = ^ u ^4'. 

Together, the statement of the lemma follows. □ 

Lemma 12. Le< srf be a r-structure, X C A and x G A. Le£ G MSO(t) and 
G = reduce(£MC{s>/,X,p)) £ {T,_L}. T/ien 

reduce(£MC(^,X\ {x},p)) = forget (G,x). 

Proof. We use induction over the structure of ip. Let c = null(r), A' = A\ {x}, 
P' = {Pn>,M n ,,p n ,) = reduce^, X \{x},tp). Let = (Pg,P e ,p e ) with 
p g = (Jf,X,(p). Here, ^^[lUc rf ], since 5 = reduce (£ MC , X, ip)). 

If (f is an atomic or negated atomic formula and TZf £ {T, JL}, the statement 
holds since p-ji' = {^[X' U &*], X', ip) by definition. 

If otherwise ip is an atomic or negated atomic formula and TV G {T, _L}, 
let = 3V\H \ {x}} if C* ^ x for all c G interpreted (Jf) , and J€" = Jff 
otherwise. If W G {T, 1}, then evaZ(£ MC(i</, A', <p)) = P' by LemmaH Since 
M" = fi/[X'\Jc*], we have eoal(SMC{*/,X',tp)) = eval(£MC(J#", A', tp 1 )) 
and 

ew!(£MC(if',l'^')) = redwce(fJ\4C(^",X' )¥ j)) = forget{g,x). 

For the induction step, let Q' G subgames(Q) be an arbitrary subgame of Q. 
Since 5 = reduce(£MC(gf,X,(p)), we know that CJ' = reduce(£MC(s/' ,X,tf>)) 
for some expansion of srf and subformula "0 of p. By the induction hypoth- 
esis, 

forget{g',x) S reduce (£ MC , X \ {x}, tp)). 

Conversely, if 1Z" = reduce(£M.C(srf' ', A \ {x}, -0)) is a subgame of P', then 
P" £ {T,_L}. This implies reduce (£ MC , X, 0)) £ {T,_L} by Lemmas [5] 



2G 



and[7J Therefore, there is Q' £ subgames(Q) with Q' = reduce (£ MC ', X,tp)). 
By the induction hypothesis, 1Z" = forget{Q',x). 

Together, the statement of the lemma follows. □ 

Finally, we come back to Algorithm[2]and show that its correctness translates 
to reduced games. 

Lemma 13. Let srf be a fully interpreted r -structure, X C A, and ip £ MSO(t). 
Let Q = reduce{£MC{.sf,X,p)). Then 

eval{AiC{s/ ,p)) — eval(convert(Q)). 

Proof. We prove the statement by induction over the structure of p. Recall that 
M — MC(stf,X,p) is determined and hence eval(M) £ {T,_L}. 

If g £ {T, A.}, then Q = convert^). We get Q = eval(£MC(srf , X, ip)) from 
Lemma [7] and therefore, using Lemmma|3]for the first equality, 

eval(MC(£/,(p)) = eval{£MC{^, X, p)) = Q= eval{Q) = eval{convert{Q)). 

Let therefore Q = (P,M,p ) ^ {T,_L} with p — (Jf?,X,(p) and sup- 
pose eval(M.C(&? , p)) — T (the case _!_ is shown analogously). For atomic 
or negated atomic formulas, the statement holds since, by definition, Q = 
reduce(£MC(£/,X, p)) = £MC{^,X,p), and hence MC(sd,ip) = convert{Q) 
by Lemma [TJ 

If p £ {VRip,3Rip}, say p = VRip, consider U C A and let srf' = (*f,U) 
with R^' = U. If there is Q' £ subgames{G) with Q' = reduce (£MC X, ip)), 
then eval{M.C{sz$' ', p)) = eval(convert(Q')) by the induction hypothesis. If oth- 
erwise there is no such Q 1 in subgames(Q), then reduce (£ M.C 1 , X, ip)) = T by 
definition of reduceQ, since Q ^ {T, _L}. By Lemmas [7] and [TJ we then conclude 
eval(MC(s/' , ip)) = T. Together, the lemma follows. 

Similarly, if ip £ {ipi A ipi,ip\ V 1P2}, then for ip £ {ipi , 1P2} either there 
is Q' £ subgames(G), such that Q' = reduce (j^,X,ip), or there is no such Q' 
contained in subgames{Q). In the former case we again obtain eval(MC,ip) = 
eval(convert(Q')) by the induction hypothesis, and in the latter case we can 
again argue that Q' = reduce{£MC{srf , X, ip)) G {T,_L}. 

Finally, let p G {Vcip, Bcip}. For any a £ A and srf' — (sd ', a), where 
cf* = a, we argue analogously to the previous cases that either there is Q' £ 
subgames(Q), such that Q' = reduce(s/' , X, ip), or there is no such Q' contained 
in subgames(G), which implies Q' = reduce (£MC , X, ip)) £ {T, L}. 

Hence, consider the (t, c)-expansion of &/ with = nil. If there 
is Q' = (P',M',p' ) £ subgames{g) with Q' = reduce(£ MC{s/' , X, ip)), then 
Q' {T,_L}. In particular, Q' = (Jff" , X , ip) , where Jtf?" is not fully inter- 
preted. Therefore, convert(Q) removes the subgame Q' from Q. In either case, 
convert(Q) does only contain subgames where c has been interpreted as an ob- 
ject in A, as considered above. Together, the statement of the lemma then 
follows. □ 
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5. Courcelle's Theorem 



We can now reprove Courcelle's Theorem for LinMSO-dcfinable optimization 
problems. Throughout this section, we shall abbreviate reduce (si, X, p) := 
reduce (SMC (si, X, p)). 

Theorem 2. Fix a relational vocabulary t , a set R — {R\, ■ ■ ■ , Ri} C unary(r) 
of unary relation symbols, andr' =t\R. Let p e MSO{r), and w,a\, . . . ,ai € 
Z be constants. Given a r' -structure si together with a tree decomposition 
(T,X) of si having width at most w, where T = (T,F) and X = (Xj)jgTj 
one can compute 



mm< 



5> fc |i/*i 

k=l 



UiCA, 1 < i < I, and {sf, Ui, ... , U t ) \= tp 



in time 0(\T\). 



The remainder of this section is devoted to the proof of this theorem. We give 
an algorithm that essentially works as follows: In a first phase, the algorithm 
uses dynamic programming on the tree decomposition (based on Lemmas 1 14H17|1 
to compute the reduced extended model checking games Q = reduce(srf! ,$,<p) 
and the values Ylk=i a k\Uk\ f° r all structures sd[ — {stf, Ui, . . . , Ui) where Ui C 
A for 1 < i < I. Note that by the previous sections the algorithm does not need 
to distinguish between equivalent games. In a second phase, the algorithm tests 
whether the verifier has a winning strategy on convert (G), or, in other words 
(Lemma I13p. whether (si, U\, . . . , Ui) |= p. The algorithm then collects the 

values 2fc=i a fe|^fe| f° r au ^1 — U\, . . . , U{) with si( (= p and outputs the 
optimal one. Since most of the games considered are equivalent (LemmaJSJ), we 
can obtain the desired run time bounds. 

Without loss of generality, we assume X root rf\ — 0. Recall that for each 
i G T, saii is the substructure of si induced by those objects that appear at or 
below % in the tree decomposition. Let, for i 6 T, 

Alii = 0>{Ai) x • • • x &(Ai) = ^(Ai) 1 

be the set of possible interpretations of the free relation symbols {R\, ■ ■ ■ ,Ri) 
in sii, 

SXVi = { (sii, U u ..., Ui) | (Ui,..., Ut) £ Alii } 

be the set of their corresponding r-expansions of si , where for each 1 < j < I 
the symbol Rj is interpreted as Uj, and 

KZVi = { reduce(sf-, X u p) | si( € £ XV i } 

be the corresponding extended model checking games in their reduced form. Wc 
let (Ui, ...,Ui)nXi := (Ui nXi,...,Uin Xi) and 

An i nx i = {(u 1 ,..., Ui) nXi\(Ui,..., u t ) e atu } 
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be the restriction of ARi to X i7 and let, for U = {U\, . . .,Ui) G ARi R X i} 
£XTi(U) = { s/l G £XV l | Rf nX l = Uj for 1 < j < I } 

be the set of r-expansions of that "match" [/ on X^. Let 

TZ£V t (U) = { reduced, X u <p) \ s/( G £XV l {U) } 

be the corresponding games, and, for arbitrary games 1Z, 

£XV l (U,TZ) = {s/! G £XV t {U) \ K S reduce^, X u <p) } 

and 

K£V t {U, K) = { K' G K£V t {U) \K = K'}. 
Finally, we let, for £/ = (t/i, . . . , U{) G -47^, 

M(C7) = (sf i ,U 1 ,...,U l )[X i ], 

where R^ u ^ — \J i C\X i for each 1 < i < I, and 

K(U) = reduce(^i(U),Xi,<p). 

5.1. The Algorithm 

We use dynamic programming on the tree decomposition as follows. As 
usual, we associate with each node i G T of the tree decomposition a table Si 
that contains feasible, partial solutions and their corresponding value vali under 
the optimization function. 

Formally, we let Si : AR l C\X l -> @>(R£ V t \{l.}) map tuples U G AR l C\X l to 
sets of feasible games over i.e., games 7?. with 7?. ^ _L, and let vali ■ TZ£T>i — > 
Zqo be the corresponding values, where Z M = ZU {oo}. 

Initially, we let Si(U) := for all U G ARi R X { and vali{TZ) := oo for all 

n g Tefp,. 

Phase 1. The algorithm traverses the tree decomposition bottom-up. Recall 
that each node i G T is either a leaf, or of one of the three types introduce, 
forget, or join. The algorithm distinguishes these four cases as follows. 

leaf Let Xi — {x}. For all U = (U\, . . . , t/j) G ARiHXi the algorithm considers 
1Z(U) — reduce(s/i(U),Xi,ip). If TZ(U) ^ _L, then the algorithm sets 

S l (U) := {R(U)} and val t (n(U)) := 0. 

introduce Let j be the unique child of i and X, = Xj U {a;} for x £ Aj. 

For each t/,- = (t/j,i, ■ • ■ , £/j,i) G .47£j R-^fj, and each t/j = (f7»,i, • ■ • , G 
.47^ (~l ^ such that (?7,u, . . . , Ujj) = (U it i R X,-, . . . , U it i R Xj), the algo- 
rithm considers each TZj G Sj(Uj). 
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Let 

Hi 



T if TZj — T and 



combine(TZj ,TZ(Ui)) otherwise. 

If there is TZ\ G Si(Ui) with TZ\ = TZi, then let TZi := TZ\ instead. 
If TZi ^ _L, the algorithm sets 

Si(U) :— Si(U) U {TZi} and vali(TZi) := mm{vali{TZi) , valj(TZj)}. 

forget Let j be the unique child of i and X.- L U {x} = Xj for x ^ Ai. 

For each t/j = (t7j,i, ■ ■ ■ , f/j,/) € -47\Lj R the algorithm considers each 
TZj G Sj(Uj). Let Ui = [Ui,[, J7,-,j) - {U jt x nl„.., 27,-, j n X. t ) and 



Jt if 7^- = T and 

1 forget {TZj , x) otherwise. 



If there is 7£- G 5j(Uj) with 7\L- = 7£j, then let 7?.j := 7?.- instead. If now 
TZi 7^ -L, the algorithm sets Sj(t/j) := Si{Ui) U {7^} and 

vali{TZi) := min /wa^TS-i), valj{TZj) + J^afe(x £ C^i,fc)| • 

where (x 6 ?7j,fc) G {0, 1} as defined in Section [1] 

join Let be the children of i. Then Xj = Xj 1 = Xj 2 . 

For each U — {Ui, ...,[//) G ATZi R Xj the algorithm considers each pair 



(K^Kb) € S h (U) x S j2 (U). Let 
% = 



T if TZj 1 = T or 7£.,- 2 = T and 

combine (lZj 1 , TZj 2 ) otherwise. 



If there is TZ'i G Si{Ui) with TZ'i = TZi, then let 7?.j '■— TZ[ instead. If now 
7^ ^ 1, the algorithm sets Sj(Oj) := Sj(£/j) U {7£j} and 

vali{TZi) := m\ii{vali{TZi), valj^TZjA + valj 2 {7Zj 2 )} . 

Phase 2. Let r = root{T) and 

U r = (0, . . . , 0) G -4ft r n X, r = ATZ r n 0. 

The algorithm starts with OPT := oo and considers each TZ r G S r {U r ). If 
eval{convert{TZ r )) — T, then the algorithm updates 

OPT := min{ OPT, val r {TZ r )}. 

Finally, the algorithm outputs OPT . 
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5.2. Proofs 

In order to show that the algorithm is correct and computes the optimal 
solution, we use induction over the structure of the tree decomposition to show 
the following invariant. 

Invariant 1. After the algorithm has processed a node i £ T in Phase 1, for 
each U — {U\, . . . , U{) € ATZi H Xi we have that 

(I) for each s/( G £XVi(U) with TZ ~ reduce , Xi, ip) ^ _L there is exactly 
one TZ' € Si(U) with TZ' = TZ, 

(II) for each game TZ £ Si(U) we have TZ =/= J_ and TZ£T>i{U,TZ) ^ 0, and 

(III) for each TZ S Si(U) we have 

( i 



vali(TZ) — mini ak\Rff' \X 
fc=i 



sfl G £XV t {U,TZ) A 
reduce{s?l , X{, ip) ^ _L 



Here, (I) guarantees that Si is complete, i.e., Si(U) contains games for all 
feasible partial solutions, (II) guarantees that all games in Si(U) do, in fact, 
correspond to a reduced game over some r-expansion of s^i, and (III) guar- 
antees that we also compute the correct solution, i.e., vali(TZ) is optimal for 
TZ£T>i(U, TZ). Note that the "exactly one" in (I) is required for the claimed 
running time, but not for the correctness of the solution. 

Lemma 14. Invariant]]] holds for leafs of the tree decomposition. 

Proof. Let i G T be a leaf and U = (Ui, ...,Ui) G ATZi C)Xi = ATZi. Since i is 
a leaf, we have 

TZ£Vi(u) = { M(u) I u e ATZi n x l }, 

such that (I) and (II) clearly hold. Furthermore, TZ^ 1 ^^ \ Xi = for all 1 < 
j < I, since Ai\Xi — 0, and therefore vali{TZ) = for all TZ G TZ£T>i. □ 

Lemma 15. Let i £ T be an introduce node of the tree decomposition and 
j G T be the unique child of i. If Invariant^ holds for j before the algorithm 
processes i, then it also holds for i. 

Proof Let Xi = Xj U {x}, where x (£ Aj. Let U t = (U it i, U^i) G ATZi n X l 
and Uj = (IT,-, i, . . . , U jt i) G ATZjHXj with (C/ ijl5 . . . , IT,-,,) = {U^'nXj, ...,U u n 
Xj). 

Consider srf( G £XVi(Ui) and let sf! = srf{[Aj\. If 7^ = reduce^, X i} ip)^ 
_!_, then also TZj — reduce (£/j,Xj,tp) ^ !_ by Lemma [4] and Lemma [7] By 
Invariant [TJ Sj(Uj) therefore contains exactly one game TZj with TZ'j = TZj. If 
TZ'j = T, then TZi — T by Lemma 0] and Lemma [7] Otherwise, the algorithm 
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computes VJ i = combine (TZ'j,TZ(Ui)). By Lemma fTTl TZ\ = TZi, which implies 
part (I) of the invariant. 

Conversely, consider TZi G Si(Ui). Then either TZi = T and there is TZj G 
Sj(Uj) with TZj = T, or there is TZj G Sj(Uj) with TZi — combine(7Zj ,TZi(Ui)) . 
By the invariant for j, TZ£Vj{TZj) ^ 0. From this we get there is TZ'j G 
TZ£T>j(Uj,lZj) such that TZ'j = TZj and TZ'j = reduce{srfj ,Xj,(p) for some stf'j G 

— — srf 1 sd 1 

£XVj(Uj). Let sf( G £XVi(Ui), chosen in a way such that J , . . . , i? z J ) = 

n A,-,...,^' n A,). 

If TvLj = T, then, by LemmaHJand Lemma[7J reduce(&£[ , Xi, p) = T G Si(Ui). 
Otherwise, reduce (&fi, Xi, p) = combine(TZj ,TZ(Ui)) by Lemma [TT1 Either case 
implies (II). 

Finally, let TZi £ and G £X / P i (U i ,TZ i ) with reduce^, X u ip) ^ _L 

and 



£ a fe |J?f \ Xi| = mini £ a k \R.f \ X, 



k=l k k=l 



8*1 G £XVi(Ui,TZi) A reduce^- ,Xi,<p) ^ ± j. 

Let = By Lemmas @] and [7J 7?.j = reduce(& j , X j , p) ^ _L Therefore, 

either 7£j = reduce(ffj,Xj,p) = TZi = T, or otherwise combine(TZj,TZ(Ui)) = 
reduce{6j U s^i(Ui), Xi, p) = by Lemma [TT1 

We need that is optimal for £XVj(Uj,TZj). To this end, assume there 
was G £XVj(Uj,TZj) with 7^ = reduce^ Xj, p), such that either 72.^ = T 
or = combine(TZ'j, £^i{Ui)), and furthermore 

z i ( 

^a fe |<n^l>E^I^\ X il' 
fc=l fe=l 

Since, TZ'j = 7^,-, we have, by Lemma ITTT 
K' 



T if T^j = T and 



combine(TZj ,TZ(Ui)) otherwise, 

where TZ' i — reduce(s/! , X^ p) and jz// = s^j U ^(C/j). Therefore, 
i ( 

X)«*|i2f 4 \^|>E«fc|i2f 4 \^i|, 
fe=i fe=i 

a contradiction to the minimality of ffi. We conclude that 0j is optimal for 
£XVj(Uj,TZj). From this we get that 

I 

val j (TZ j )=^a k \R^\X j \ 
fc=i 

by the invariant for j, which implies (III). □ 
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Lemma 16. Let i G T be a forget node of the tree decomposition and j eT be 
the unique child of i. If Invariant^ holds for j before the algorithm processes i, 
then it also holds for i. 

Proof. Let j be the unique child of i and X, U {x} — Xj for x ^ X,. Note that 
j4 = m/j. Let Ui = . ._. , Uu) G ^ n X,. 

Consider is// G £X r P i (Ui) with 7£j = reduce(g// , X i: ip) ^ _L and let [/j = 

(C/j-,1 , . . . , U jtl ) = {Rf Bf' ) DXj G ,47£j n Xj and = reduce , Xj , tp) . 
Then, by Lemma U and Lemma [71 IZj ^ _L. Therefore, by the invariant for j, 
there is TZ'j G Sj(Uj) with 7^ = 7£j. If TZ'j = TZj = T, then, by Lemma [SJ also 
IZi = T. Otherwise, the algorithm computes VJ i = f or get (IZj, x) = 7£j. Either 
case implies (I). 

Conversely, consider TZi G Si(Ui). Then either 7£j = T and there is 0} G 
ATZj fl Xj and 7£j G Sj(Uj) with 7£j = T and Ui — Uj PI Xj, or there is 
0j 6 ^IT^j-nXj and 7\Lj G Sj(Uj), such that 0j = UjtlXi and TvLj = forget (lZj,x). 
By the invariant for j, in either case TZ£Vj(TZj) ^ 0. Therefore, there is TZ'j G 
lZ£T>j(Uj,7Z), where TZ'j = TZj and 7£j = reduce (g/j , X j , ip) , for some G 

Let «e// = If TZj — T, then, by Lemmas [3] and UJ reduce(s^( , Xj, ip) = 
T 6 Si(Ui). Otherwise, reduce(g/ i ',Xi,(p) = forget(TZj,x) = 7^j according to 
Lemma [T21 Either case implies (II). 

Finally, consider TZi G $t(f/j) and let ^ G £XVi(Ui,TZi) such that 

l r i 

£ a* I <* \-X*| = min I a » I ^ \ X > I 
fc=i I fe=i 

< G eXVi{Ui, 7^ ^ ) A reduce^-, Xj, ^ _L | 

and reduce(^i,Xi,(p) ^ _L. Let ^ = Then, by Lemmas [5] and TZj — 
reduce^, Xj,ip) ^ L. By (II), there is 7^ G <Sj(0j) with 7^ = 7£j, where 

Uj = (R 1 3 n Xj , . . . , i?; 3 n Xj ) . Analogue to the previous case, we obtain that 
0j is optimal in TZ£T>i(Uj,TZj). Therefore, by the induction hypothesis, 

i i i 

vd j (TZj) = J2 \^-i = E a *\ R k 3 \ x i\ - £ e < i \ x i)> 

fe=l fc=l fc=l 

which implies (III). 

□ 

Lemma 17. Let i E T be a join node of the tree decomposition with chil- 
dren j\,]2 G T. If Invariant]^ holds for j\ and j% before the algorithm pro- 
cesses i, then it also holds for i. 

Proof. Note that Xj = X n = X h . Let U = (U u . . . , U{) G ATZ l HI, = 
ATZj, n X jt = ATZ n n X i2 . 
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Consider si( G £XV l (U) and let, for j G {j u j 2 }, be sit = &f![Aj\. If TZ, = 
reduce(si i ' , Xi, p) ^ _L, then, for j G {31,32}, also TZj = reduce [sit ; Xj,tp) ^ _L 
by Lemma [B] and Lemma [7J By the invariant for j G {31,32}, Sj{U) therefore 
contains exactly one TZt with TZj = TZj. If TZj = T, then 7^ = T by Lemma [5] 
and Lemma [7] Otherwise, the algorithm computes TZ[ — combine{TZj 1 ,TZj 2 ). 
By Lemma fTTl VJ i = TZi, which implies (I). 

Conversely, consider TZi G Si(U). Then either TZi = T and there is j G 
{ji, j 2 } and ft., G 5,- (£7) with TZj = T, or there is (TZ n ,TZ j2 ) G 5^(17) X S h (U), 
such that 7^ = combine(TZj 1 ,TZj 2 ). By the invariant for j G {^1,^2}, we have 
■R£Vj(Kj) ^ 0, and therefore there is Rt G TZ£Vj(U,TZj) with 7^- ^ fcj and 

TZt = reduce (sij , Xj ,<£>), where sit = (sij, R,f Rf') G £XVj(U). Let 

< = (ssf i) Rf i ,...,Rf i ) G £XVi(U), such that flf* = i?f J1 U i?f 32 for all 
l<fc<Z. 

If T G {TZj 1 ,TZj 2 }, then, by Lemmas|6]and[7J reduce(si i ' , Xi, <p) = T G Si(U). 
Otherwise, reduoe.{sii, Xi, ip) = combine{JZj^,TZj 2 ) by Lemma 111! Either case 
implies (II). 

Now consider TZi G Si(U) and ff { G £XVi{U, TZi) with reduce{ff u X u tp) ^ _L 
and 

/ r / 

5] a fe |<* \ = mini ]T a fc |ii< \ JQ| 

k=l I fe=l 

,< G £XVi(U,7Zi) A reduce^-, X h tp) ^ _L j. 

Let, for j G {jitji}, 6j = &i\Aj\. Then, by Lemma [5] and Lemma TZj — 
reduce{(?j,Xj,tp) ^ J_. Therefore, either 7\Lj = reduce({?j,Xj,ip) = TZi = T 
for some j G {31,32}, or combine(TZj 1 ,TZj 2 ) = reduce{ffj 1 U ffj 21 Xi,Lp) = TZi by 
Lemma I 111 

Assume there were j G {ji, J2}, say j = ji, and ^ G £XVj(U,TZj) with 
= reduce(s?ij ,Xj,tp), such that 

^« fe |<^\X J |>^a fe |i??\^| 
fc=i fc=l 

and either TZj = T or TZi — combine (TZj,TZj 2 ) for some TZ'j 2 G TZ£T>j 2 (U, TZj 2 ). 
Since n4 ia = X,, structures (^,^) G TZ£V h (U) x TZ£V h (U) are 
compatible. By the invariant, part (II), we have TZ'j 2 = reduce{sit, Xj 2 , ip) for 
some £^' 2 G £XVj 2 (U). Without loss of generality, we assume sit = ffj 2J since 
each sij 2 with 

£a fc <n*il>£«*l<^*jl 

k=l k=l 
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yields the same contradiction. Therefore, since IZ'j = IZj, we have 

. _ (j if Tl'j = T or K h = T and 

\combine(7Z'j,7Zj 2 ) otherwise, 

by Lemma ITT| where TZ\ — reduce^- U &j 2 ,Xi,(p). Therefore, 
i i i 



fc=l k=l k=l 



a contradiction to the minimality of Therefore, for j £ {31,32}, &j is optimal 
in £XVi(U, IZj), and 

! 

mi^=5> fc |i?£'\X,-| 
fe=l 

by the invariant for j. By (II), there is TZ'j £ Sj(U) with 72^ = 72j, which then 
implies (III). □ 

Lemma 18. Let r = root(T) be the root of the tree decomposition, where X r = 
0, and let Invariant^ hold for r. Let U = (0, . . . , 0) and 



OPT = mini ^a k \U k \ 



Ui C A, 1 < i < I, and {si, Ui,...,U t ) \= <p 



k fc=i 

fee an optimal solution for the LinMSO -problem. Then 

OPT = min{ val r {lZ) \ 1Z G S r (U) A eval(convert{1Z)) = T }. 

Proof. Note that si = si r . Let «e/' be optimal, i.e., let be a r-expansion 
of such that .c/' |= and 

i 1 
5> fe |i*f'\X r |=5> fe |i?f | = OPT. 
fe=i fe=i 

Let 1Z = reduce (&/' , X r , (p). We have eval(M.C(si' , <p)) — T since |= ip, and 
therefore 

eval(convert(JZ)) = eval(MC(si' ,<p)) = T 

by Lemma fT3l Note that X r = and therefore „472 r fll r = {(0, . . . , 0)}. By 
Invariant [1] part (I), there is 1Z' £ Sj(U), such that 1Z' = 1Z, which implies 
OPT = val r (1Z') by part (III) and the optimality of si' for £XV r {U,TZ). Since 
eval(convert(lZ')) = T, we also have 

OPT = val r {1Z') > min{ val r (1Z") \ 1Z" £ S r (U) A eval{convert{1Z")) = T }. 
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Conversely, let TZ £ S r (U), such that eval( convert (1Z)) = T and 

val r (K) = min{ val r (K') \ K' £ S r (U) A eval(convert(K')) = T }. 

By part (II) of the invariant, there is a r-expansion srf" of gf, such that 
TZ = reduce(£/",X r ,ip). Since eval(convert(TZ)) — T, we have |= tp by 
Lemma IT3l Without loss of generality, we can assume by part (III), that si" is 
optimal for £XV r {U,TZ), i.e., val r (TZ) — J2k=i a k\Rff \X r \. We then directly 
conclude 

I i 

val r (1l)=Y,<Xk\Rk"\ > OPT = Y,<Xk\Rf\. 
fc=i fc=i 

□ 

We can now prove Theorem [3J 

Proof of Theorem [H Using induction over the structure of the tree decompo- 
sition and Lemmas I14H17I for the respective nodes, we know that Invariant [1] 
holds for the root node of the tree decomposition after the algorithm has finished 
Phase 1. By Lemma [TBI the algorithm outputs the correct solution in Phase 2. 

For the running time, consider i £T. We have \AlZiP\Xi\ = 0(2' Xi ' ; ), which 
for constant I < |r| and |X;| < w + 1 is a constant. For U £ ATZi Pi Xi, consider 
the set Si(U). Since the algorithm only inserts games into Si(U), if Si(U) does 
not already contain an equivalent game, 

\Si(U)\ < N XuV < exp« r ^ +1 ((|X 4 | + 1) (II^H)), 

by Lemma HI which for bounded |X;| is constant. Furthermore, by Lemma |9l 
for each TZ £ S l (U), 

\1Z\ <exp 9r ^ +1 ((|X 4 | + l)°(ll v ll>), 

again a constant. Finally, each position of each game is of the form (Jt?, Xi,ip), 
where \\tp\\ < \\tp\\ and = 0{\X t \ + \\(p\\), where ||Jf|| denotes the size 

of a suitable encoding of J$f. All operations on games, i.e., reduceQ, evalQ, 
combine(), forgetQ, and convert^), therefore take constant time. 

In total, at a node i £ T, a constant number of entries or pairs, respectively, 
is considered, and each operation takes constant time. The running time is 
therefore 0(\T\). □ 

5.3. Extensions 

Semiring Homomorphisms. Note that the algorithm implicitly used a homo- 
morphism 

I 

h: (U u ...,U l )^J2 a k\ U k\ 
fc=i 
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from the semiring (^(ATZ r ), W, U, 0, 0) into the semiring (Z^, +, min, 0, oo). 
Here, 3^{ATZ r ) is the set of all possible interpretations of the free relation sym- 
bols (i.e., a set of tuples of sets), W is a component-wise, disjoint union with 
neutral element = (0, . . . , 0), and U is the regular union of sets. The extension 
to other semiring homomorphisms, e.g., to count the number of interpretations 
satisfying the MSO property tp, is rather straightforward. See [H for a list of 
many interesting semirings. 

Many-sorted Structures. In this article, we considered one-sorted structures, 
i.e., structures whose universe contains objects of a single sort only. The cor- 
responding theory is also called MS i -theory in the literature and is strictly less 
powerful than corresponding logics for multi-sorted structures. For instance, re- 
call from Example [T] that a graph G = (V, E) can in a natural way be identified 
with a structure over the vocabulary rcraph = (adj), where V is identified with 
the one-sorted universe of vertices, and adj is interpreted as E. The Hamilto- 
NIAN Path problem for graphs cannot be expressed in MSO(TGraph), since this 



requires the use of edge-set quantification (see [35|, for instance). 

Fortunately, this poses no restriction in algorithmic applications. Firstly, 
it is not hard to extend the techniques in this paper to many-sorted struc- 
tures. Courcelle's original works [H, Hf were already proven for many-sorted 
structures. Secondly, one can easily simulate many-sorted structures by intro- 
ducing relation symbols that distinguish the respective objects in a common 
universe accordingly. For example, one can consider the incidence graph of a 
graph and introduce unary relation symbols V and E, which allow to distinguish 
objects of sort "vertex" or "edge" , and a new binary relation symbol inc for the 
incidence relation. Transforming a structure and a corresponding tree decom- 
position accordingly can be done efficiently and does not increase the width of 
the decomposition. Graphs with multi-edges can be represented similarly. 



6. Solving Concrete Problems 

In the analysis of the running time of the algorithm, we were rather pes- 
simistic w.r.t. the constants hidden in the 0(|T|). Recall that unless P = NP, 
these cannot be bounded by an elementary function, i.e., the running time of 
the algorithm cannot be 0(f(\\ip\\,w)n) for a fixed function / : NxN->N that 
is a nesting of exponentials of bounded depth [2j . 

The picture changes dramatically once we assume the problem is fixed, i.e., 
the problem description consisting of the vocabulary r, a formula tp S MSO(t) 
and the integers a±, . . . ,ai £ Z are constants. Specialized and comparably effi- 
cient algorithms exist for many problems, e.g., of running time 0(2 W poly{w)n) 
for the Minimum Vertex Cover problem, or of Q(3 w poly(w)n) for Minimum 
Dominating Set and 3-Colorability, cf. H, H3], where poly(w) is a fixed 



polynomial in w. Recent results furthermore indicate that better running times 



are improbable [48( . Assuming small treewidth, such algorithms might still turn 



out to be feasible in many practical applications, cf. [43]. 
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Figure 3: Simplified schematic of reduce X, vc), where si has universe A = {a}, X = A 
and a fjt Bf* . If any of the symbols x or y remains uninterpreted (cases x := nil and y := nil 
in the figure), then some of the plays in £A4C(£? ,0, vc) end with a draw and still persist in 
the reduced game. If stf = Mj and X = Xi for a node t of a tree decomposition, then this 
essentially means that it is still open whether nodes in the "future" of i will be adjacent or 
whether they will be contained in R. 

In this section, we estimate the running times of our generic approach for 
the three aforementioned problems. Let (T, X) be a tree decomposition of the 
input graph structure srf over TQraph, where T — (T, F) and X = (Xj)j £ T with 
\Xi\ < w for all i e T, i.e., has treewidth at most w — 1. 

6.1. Minimum Vertex Cover 

Recall from Example [5] that the formula 

vc = VxVy(^adj(x, y) V x 6 i? V y G R) G MSO(r Graph U {R}) 

is true on a (rcraphj -Restructure (Sf, U) if and only if U C G is a vertex cover 
for the graph Sf. Using the notation from the previous section, we claim that for 
each i G T and for all U G ARi (~l -Xj, the set Si(U) contains at most one entry 
1Z, and if 1Z G Si(U) for some £7, then |7£| = poly(w). To this end, consider 
arbitrary U G .47^ n X { and let ^/ G EXVi{U). 

For any a G Aj, such that a G J2 * , the verifier has a winning strategy on 
Q = £MC(srf", Xi,Vy ...), where stf" = {of!, a) with x<' = a, since the atomic 
formula x G i? is always satisfied for all y. Therefore, eval(Q) = reduce(Q) = T 
and reduceQ removes the subgame Q from EM.C{sil , Xi, vc). 

Consider now a subgame £ M.C(stf" , X^, Vy . . .), where srf" = {srf{,a) with 
a £ If there is b G A 4 , such that (a,b) G arfj^" and 6 £ R*" , 
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then the falsifier has a winning strategy on £AAC{s^( ,Xi, vc) and consequently 
reduce^-, Xi,vc) = JL. If otherwise for all b £ Ai either b £ Br* or (a,b) £ 
adj s ^ i , then we get reduce((g/J , a, b), X{, ■•■)) = T, and the corresponding sub- 
game will be removed by reduce{). Therefore only the subgame on with 
y * = nil remains undetermined. We conclude £MC{{srf!, bi), Xi, Vy . . .) = 
£MC((£/ l ',b 2 ),X u Vy...)fora\\b 1 ,b 2 £A l \X l . 

Due to the symmetry of x and y in the vertex cover formula, we can argue 
analogously for the cases where the roles of x and y have been interchanged. 
Therefore, TZ % = IZ2 for all 1Zi,1Z2 £ TZ£T>i(U), from which we conclude 
\Si(U)\ < 1. Each game is of size \TZ\ = 0(w), since by above considerations 

\subgames(reduce(£/ i " , Xi,Vy . . .))| < 

and \subgames(reduce(s^( , Xi, vc))\ < \Xi\ + 1 + 1: In both cases, we have \Xi\ 
subgames for the vertices in Xi , one subgame for all vertices in Ai \ Xi (since all 
of them are equivalent), and one subgame for the case that x and y, respectively, 
remain uninterpreted. See Figure [3] for an example. 

It is not hard to see that reduce(TZ), eval(1Z), convert (TV), forget {Hi) and 
combine (TZ\, TZ2) can be implemented in a way such that they run in time 
polynomial in \TZ\ and \TZ\\ + \TZ2\- Hence, we immediately find that the generic 
algorithm introduced in this article reaches, up to factors polynomial in w, the 
running time of 0{2 w n) of the specialized algorithm, since \AlZi PiXi\ = 2' Xi ' 
for all i £ T. 




6.2. Minimum Dominating Set 
The formula 

ds = Vx{x £RV 3y{y £ R A adj(x, y))) £ MSO(r Graph U {R}) 

holds in i^S , U) if and only if U C G is a dominating set for the graph . Let 
for each i £ T and U — {U x ) £ ATZ t n X t be fc_= \X,\ - \Ui\. We claim that 
\Sj{U)\ < 2 k . To this end, let again si{ £ £XV l (U) and TZ = reduce^', X, L , ds). 
Let U CA.be such that sf? = {si u U). 

If U dominates a £ Ai, then either a £ U and reduce((s^i, a), Xi,x £ R) = T, 
or there is b £ U that is adjacent to a, and reduce((s/i, a), Xi,3y . . .) = T. In 
both cases we get TZ' = reduce((&?i,a),Xi,x £ R V By . . .) = T, and therefore 
TZ' subgames (TZ). 

If a £ is not dominated by U, then reduce{{s^( ,a), Xi,x £ R) = _L 
and reduce(srf" ,Xi,y £ R A adj{x,yj) = _L for all stf" with x*** — a and 
y^i g These games are therefore removed by reduceQ. Only the game 
reduce(s^l' , Xi,y £ R A adj(x,y) with x**< = a and y*** = nil remains unde- 
termined. Thus for all 01,02 G \ Xj that are not dominated by U we have 
reduce {{srf( , ai), JQ, a; G i? V 3y . . .) = reduce {{#/■ , 0,2), Xi, x £ R V 3t/ . . .). 

For ,2//' with = nil the game reduce^" ,Xi,x £ R) remains undeter- 
mined. For &\\ b £ Ai\U we have reduce((&/" , b) , Xi, y £ R A adj(x,y)) = _L 
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adj(x,y 



Figure 4: Simplified schematic of reduce(.e/ , X, ds), where jrf has universe A = {a, b}, X = A, 
and R"* = {b}, such that a and b are not adjacent. Then a might still be dominated by a 
"future" vertex; the corresponding plays (following the upper y : = nil branch in the figure) 
end with a draw and therefore persist in the reduced game. Similarly, the branch x : = nil 
corresponds to the case that "future" vertices are chosen as interpretations for x. Such vertices 
can also be dominated by b, which is represented by the y := b branch in the figure. 

due to the subformula y G R; the corresponding subgame is therefore re- 
moved from £M.C(si",Xi,3y . . .). For all bi,b 2 G Ai n U we again have 
reduce((si" , b\), Xi, y G RAadj(x,y)) = reduce ( , b^), Xi, y S R/\adj(x,y)). 

All in all, either two games 72.1,7^2 £ lZ£T>i(U) only differ w.r.t. the sub- 
set of undominated nodes in Xi. Since there are k nodes in Xi that are 
not contained in U, this bounds \Sj(U)\ < 2 k . For each of them, we have 
\subgames(reduce(j^ i ",Xi, Vx. . .))| < |Xj| + l + l corresponding to at most \Xi\ 
undominated nodes in Xi, at most one undominated node in Ai\Xi and the sub- 
game for erf" with x** = nil. Furthermore, \subgames (reduce (si" , Xi, x 6 R V 
By . . .))| = 0(1) for with x^" ^ nil and | subgames (reduce {si" , X u x G RV 
3y.. .))| < \Xi\ + 1 + 1. We conclude that \TZ\ = 0(\X % \). See FigureHfor an 
example. 

In total, at a node i £ T, there are therefore at most 



entries stored, and each entry has size \TZ\ — 0(w). Nodes i G T of type leaf, 
forget are therefore processed in time 0(Z W poly(w)). For join nodes i G T with 
children ji, j 2 , every pair in Sj 1 (U) x Sj 2 (U) is considered. Therefore, at most 



entries are considered, which yields a running time of 0(5 W poly(w)n). This does 
not yet match the best specialized algorithm for the Minimum Dominating 





w 
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Set problem [Z^] with a running time of 0(3™ poly(w)n) , but is still faster than 
combining all pairs with a running time of Q(9 W poly(w)n) . We note that both 
the 0(3 W poly(w)n) bound from [43] and the 0{A w n) bound from [49[ exploit a 
certain "monotonicity" property of domination like problems, which does not 
hold for all problems that are expressible in MSO (Independent Dominating 
Set being an example). 

6.3. 3-COLORABILITY 

The formula 

3col = 3R 1 3R 2 3R 3 (vx(\/(x G R l ) A f\ (->x G R4 V ->x G #j)V 

VxVy ^-.adj^, y) v A G ^ V ""f G ^)) ^ e MSO(r Graph ) 

defining the 3-Colorability problem has no free symbols. Therefore AIZi = 
{()}, where () is the empty tuple, and the table Sj contains at most one en- 
try 1Z = reduce(^i, Xi, Scol). We estimate the size of 1Z. For, let 3col = 
3Ri3R^3R 3 Lp , where tp = part A is. Here, part = \/x . . . expresses that the Ri 
are a partition of the universe, and is = VxVy . . . ensures that each Rj is an 
independent set. 

If U = (Z7i, U2, U3) G ^(Ai) 3 is not a partition of A i: then the falsi- 
fier wins £MC((g/i, U±, U2, Us),Xi, part), and therefore reduce ((-a/,, U),Xi, <p) 
subgamesiJZ) . Otherwise, £MC((£/i,U,a) 7 Xi,part) = T for all a G A, and un- 
determined when x remains uninterpreted. Using the same arguments as for the 
similar vertex cover formula vc, we have 1Z± = JZ2 for all Uj — (C/3,1, Ujjs, i/7,3) G 
^(A 4 ) 3 with Ui n X, = O2 n X_and 7^ = reduce((£/ t ,U j ,_X l ,is) ^ JL, 1 < 
j < 2. This implies reduce{{s^i , £7i), X, (/?) = reduce ( (j^, E/jj), Xj, <p). Thus, 
subgamesiJZ) contains at most 0(3 W ) subgames TZi = reduce((£/i,U), X i} . . .) 7^ 
_L, which bounds |72.| = 0(3 W poly(w)). 

Thus, assuming combine (TZ%, IZ2) requires time 0(|72.i| • \TZ 2 \ ■ (IMI + 
we only can bound the total running time by 0(9™ poly(n)). This can probably 
be improved to O(3 w poly(n)) using a similar approach as for the tables Sj(U). 



7. Practical Experiments and Conclusion 

We started to implement the approach presented in this article in C++. The 
current version works for graphs over the vocabulary TQraph = (o-dj). At certain 
places, the implementation varies from the algorithms presented in this paper 
for increased efficiency. For instance, reduceQ is usually not called explicitly 
but computed directly where needed. 

We list some running times and memory usage of the implementation when 
solving the three problems discussed in the previous section. Input graphs are 
randomly generated subgraphs ofnxm grids and Erdos-Renyi random graphs. 
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Minimum Vertex Cover 







time in seconds 


memory in 


Mr> 


dimension 


runs 


min 


max 


median 


min 


max 


median 


1 x 200 


40 


0.2 


0.2 


0.2 


1 


1 


1 


2 x 100 


40 


0.3 


0.4 


0.3 


1 


1 


1 


6 X DO 


/in 


0.5 


0.9 


0.6 


1 


1 


i 
i 


4 x 50 


40 


0.1 


1.0 


0.1 


1 


1 


1 


5 x 40 


40 


0.2 


0.4 


0.3 


1 


2 


2 


6 x 33 


40 


0.3 


0.9 


0.5 


2 


3 


2 


7 x 28 


40 


0.6 


1.9 


1.0 


2 


5 


3 


8 x 25 


40 


1.2 


4.6 


2.3 


3 


9 


5 


9 x 22 


40 


1.9 


13.6 


5.2 


5 


18 


10 


10 x 20 


40 


4.4 


41.4 


13.7 


9 


36 


19.5 


11 x 18 


40 


11.3 


156.4 


46.2 


16 


62 


39 


12 x 16 


40 


28.2 


642.4 


185.2 


27 


128 


76 


13 x 15 


40 


61.3 


2644.9 


679.4 


42 


268 


145.5 


14 x 14 


40 


308.7 


10257.3 


3017.1 


80 


468 


283 


Minimum Dominating Set 






tim< 


3 in seconds 


memory in 


MB 


dimension 


runs 


min 


max 


median 


min 


max 


median 


1 x 200 


40 


0.3 


0.3 


0.3 


1 


1 


1 


2 x 100 


40 


0.8 


1.0 


0.9 


1 


1 


1 


3 x 66 


40 


0.2 


0.3 


0.2 


1 


1 


1 


4 x 50 


40 


0.6 


0.9 


0.8 


2 


3 


2.5 


5 x 40 


40 


2.2 


3.2 


2.8 


4 


6 


6 


6 x 33 


40 


8.3 


12.8 


11.6 


11 


17 


15 


7 x 28 


40 


40.3 


85.4 


71.0 


27 


47 


42 


8 x 25 


40 


238.9 


681.2 


493.7 


68 


137 


112 


9 x 22 


35 


1605.7 


8588.2 


5235.3 


170 


386 


332 



3-COLORABILITY 

time in seconds memory in MB 



dimension 


runs 


min 


max 


median 


min 


max 


median 


1 x 200 


20 


0.5 


0.6 


0.5 


1 


1 


1 


2 x 100 


20 


0.2 


0.2 


0.2 


1 


1 


1 


3 x 66 


20 


0.7 


1.6 


0.9 


2 


2 


2 


4 x 50 


20 


3.3 


6.3 


4.8 


5 


5 


5 


5 x 40 


20 


15.3 


38.3 


29.3 


10 


15 


14 


6 x 33 


20 


99.6 


317.4 


233.0 


26 


45 


42 


7 x 28 


20 


771.6 


2702.9 


2262.0 


70 


139 


123 


8 x 25 


15 


4029.2 


26841.6 


14032.5 


146 


373 


268 



Tabic 1: Running times and memory usage on random subgraphs of grids with about 200 
vertices 
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Minimum Vertex Cover 



time in seconds memory in MB 



width 


runs 


min 


max 


median 


min 


max 


median 


1 


387 


0.5 


0.8 


0.6 


2 


3 


2 


2 


179 


0.1 


1.0 


0.8 


2 


4 


3 


3 


68 


0.1 


0.3 


0.2 


3 


4 


3 


4 


74 


0.2 


0.5 


0.3 


3 


4 


4 


5 


69 


0.4 


1.3 


0.7 


3 


4 


4 


6 


62 


0.9 


2.3 


1.4 


4 


6 


5 


7 


38 


1.5 


5.5 


3.1 


5 


11 


9 


8 


36 


2.5 


14.0 


6.3 


8 


20 


15 


9 


45 


7.4 


34.9 


16.6 


18 


40 


27 


10 


29 


24.8 


121.6 


56.8 


30 


78 


56 


11 


28 


55.8 


382.1 


156.8 


56 


138 


103 


12 


29 


164.6 


1495.9 


392.7 


100 


293 


160 



Minimum Dominating Set 



time in seconds memory in MB 



width 


runs 


min 


max 


median 


min 


max 


median 


1 


387 


0.6 


0.9 


0.7 


2 


3 


2 


2 


174 


0.1 


1.0 


0.2 


2 


4 


3 


3 


39 


0.2 


0.8 


0.5 


3 


4 


3 


4 


30 


0.7 


4.5 


2.6 


4 


8 


6 


5 


17 


4.3 


29.2 


16.5 


8 


21 


16 


6 


9 


112.3 


318.5 


187.8 


38 


63 


49 


7 


1 


2403.9 


2403.9 


2403.9 


162 


162 


162 


8 


3 


35290.3 


64922.8 


51801.0 


319 


338 


321 


9 


1 


43228.4 


43228.4 


43228.4 


347 


347 


347 



3-COLORABILITY 



time in seconds memory in MB 



width 


runs 


min 


max 


median 


min 


max 


median 


1 


387 


0.1 


0.2 


0.1 


2 


3 


2 


2 


174 


0.2 


0.8 


0.5 


2 


4 


3 


3 


39 


0.8 


3.6 


2.2 


3 


6 


5 


4 


30 


4.1 


22.2 


15.0 


7 


16 


13 


5 


17 


35.3 


156.9 


99.9 


19 


52 


37 


6 


9 


485.8 


1328.8 


1168.8 


81 


150 


125 


8 


2 


33733.8 


75099.9 


54416.8 


446 


664 


555 



Tabic 2: Running times and memory usage for some random graphs on 200 vertices, grouped 
by the width of the tree decomposition used. 
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All graphs have about 200 vertices and the probability to include an edge ranges 
between 0.001 and 0.015. For the grid-subgraphs we used path decompositions 
of width n. Tree decompositions for the random graphs were computed by a 
triangulation heuristics (cf. [Ho|). The tests were done under Linux 2.6.32 on a 
Intel Core 2 Quad CPU Q6600 (2.40GHz) with 4 GB RAM. 

8. Conclusion 

Motivated by a practical application, we present an alternative proof of 
Courcelle's Theorem. Our proof is based on model checking games and tries 
to avoid expensive constructions such as the power set construction for tree 
automata, which turned out to cause some problems in practice. 

Let us mention that our approach could be made simpler if we applied it to 
graphs of bounded clique-width. The union operation for join nodes of a tree 
decomposition involves a "fusion" of elements and of interpretations of miliary 
symbols. The clique- width parse trees do not use miliary symbols and the union 
is replaced by a disjoint union, which simplifies many of the operations. On the 
other hand, the lack of suitable algorithms to compute the mandatory clique- 
width parse trees favors treewidth based techniques for practical applications. 

First experiments with our approach do indeed indicate practical feasibility. 
An implementation based on our proof can solve the 3-Colorability problem 
for some graphs where the automata theoretic approach based on the well- 
known MONA tool failed. The running times of our generic implementation 
can still not compete with specialized, hand-written algorithms that can easily 
solve problems such as, say 3-Colorability, for graphs of treewidth 15 and 
beyond. We are confident that further optimization can improve the feasibility 
of our generic approach in practical applications even more. 
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